Blocking Web site access to overly curious users in an open environment poses policy and technical challenges. You can meet the challenge with simple tools and target the result to a selected audience.
A project leader came to us and presented an intriguing logistical problem: His agency runs an educational unit for adolescents who have difficulty in public schools. The kids are curious and computer savvy, and they secretly access a popular interactive youth culture site during class. The agency wanted to block the site. This site provides a wealth of positive interaction but it's inappropriate for vulnerable adolescents and apprehensive staff. Dark tales of lurking online predators abound in TV crime shows.
The "Just Say No!" method does not work. Teachers travel between classrooms and computer screens face different directions. The kids hide the taboo window when the teacher is near and restore it when the teachers are gone.
Some browsers support Web site blocking. Ours did but the process was awkward. Teachers balked at the prospect.
Group Policy would be a viable solution but the affected computers are low-end models passed down the corporate food chain. They lie below acceptable specs and are rarely upgraded -- because of the rationale that someday the ante-diluvian machines will be replaced.
Push the changes by remote administration to specific targeted workstations? The resident pushmaster was unavailable. The solution had to be simple to please the teachers.
Then the teachers modified their needs. Don't just block the site, they said, redirect it! If someone accesses the bad site by whatever devious means then direct it to CNN at www.cnn.com instead. (Is this a surreptitious way to expose and educate adolescents to current events?)
Hail to the hosts
A simple and effective solution for a contemporary Windows environment involves the hosts file. Insert two lines that mix and match the undesirable Web site with the IP address of a desired Web site. For example:
Suppose the taboo site is www.xxx.com and the IP address of CNN is 18.104.22.168 then append
to the file c:\windows\system32\drivers\etc\hosts. If you type www.xxx.com then you are redirected to CNN. The change takes effect immediately. (Reboot is recommended).
Our users have generic hosts files as a consequence of receiving cloned drive images when the machines were first put into service or repaired after a crash. So you go with what you have. Rename the existing hosts file for backup then copy over a revised hosts. This method avoids cumbersome programming labor that creates a handle, opens a file, appends a file and closes a file.
A simple batch file (block.bat) does the job. Suppose the revised hosts file resides on the Y drive. Then rename and copy thusly:
Rename c:\windows\system32\drivers\etc\hosts hostsbkp
Copy y:\hosts c:\windows\system32\drivers\etc\hosts
Purists can CD to the proper directory and then use simpler command syntax.
Note that an ECHO command can append but makes no backup.