Is there a way that I can create an Allowed URL list to restrict users to ONLY have access to the websites that are on the list and nothing else?
Without using a Proxy? Enable DNS with a fake IP, and use a Host file:
kb.igel.com/igelos-11.08.330/en/hosts-88021966.html kb.igel.com/igelos-11.08.330/en/hosts-88021966.html
Which Browser is in use?
I think that this will break my AD
I think that this will break my AD
Can also restrict it via the allowlist / blocklist within the chromium browser i believe
Guide to help here:
leon-beitsch.de/shared/IGEL_OS_with_Chromium.pdf
Thank you so much
Unfortunately, the article does not explain, how can add the URL’s in the allow list and prevent all the other. I can add the allowed URL’s to the URLAllowlist, but it still does not prevent me from going to any other websites.
You can also use URLBlockList and enter * so everything should be blocked except from what you put on the allow list
Yeah, you’d think that its logical, but it does not work.
URLAllowlist: [“.graphicpkg.com graphicpkg.com”,“.idaptive.app idaptive.app”]
URLBlocklist: *
And, if I do the following for the URLBlocklist: [“*”], it blocks everything, even what’s in the URLAllowlist
It should work, see the official docs:
chromeenterprise.google/policies/#URLAllowlist
Have used it myself and was able to get it to work but i do remember the syntax being a little fiddly
Yes, understand that it should work, but its not for now.
Yeah, not sure…. no go so far, no matter how I slide and dice it.
Wonder if its a bug in 11.08
You can use @member method but instead, configure a fake proxy and add the websites you want to allow as exceptions
@member let me help you with this. You can configure this URL list in 11.08.. Which 11.08. you are using, then I can test it on my side. Can you send me the list of URLs you want to allow? Then I can create you a ready-to-use IGEL profile you can import and I can test it before.
11.08.330
Allow: google.com google.com and cnn.com cnn.com for example only and disallow everything else.
gpi.my.idaptive.app/my?customerId=AAU0618
is the URL that I want to allow
and one more for testing, like google.com google.com
@member here is a IGEL profile, which you can import directly to your UMS server. Tested in my test environment with a 11.08.330 client, it worked on my side. The client could only access the three sites/domains.
Hello, you can create proxy.pac file dedicated to igel : proxy-igel.pac and only allow proxy for allowed urls, for all others : direct and block them on the network firewall, or if no proxy/firewall do the other way : allowed urls direct, restricted urls through non existing proxy : `function FindProxyForURL(url, host)`
{
if ((isPlainHostName(host) ||
dnsDomainIs(host, “.company.com company.com“)) &&
!localHostOrDomainIs(host, “http://www.company.com www.company.com“) &&
!localHostOrDoaminIs(host, “http://home.company.com home.company.com“))
return “DIRECT”;
else
return “PROXY proxy:80”;
}
www.cisco.com/c/en/us/support/docs/security/web-security-appliance/118076-configure-wsa-00.html
Leon, that worked, thank you SO MUCH.
Continue reading and comment on the thread ‘Is there a way that I can create an Allowed URL list to restrict users to ONLY have access to the websites that are on the list and nothing else?’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!