Allow use of blacklists in whitelist only mode
Hello,
I was trying to set up a restricted network for students that have abused their internet privilege, the idea was to basically only allow Drive and Gmail.
The reason I would like to use a blacklist in whitelist mode is to block chat in Gmail. The Gmail domain is mail.google.com, the Gmail chat is chatenabled.mail.google.com. I can find no way to allow Gmail without allowing chat without the use of a blacklist, hence this request.
Regards
-
Rotblitz, I don't know why you think I'm not a paying customer. I'm the administrator for a College network and we are a paying customer. You cannot use a blacklist of domains when you have a policy in whitelist mode. This means I cannot have a whitelist policy that allows Google Mail that also blocks the embedded chat feature, as the URL to do so is a subdomain.
-
"I don't know why you think I'm not a paying customer."
Did I say this? I can't see where I did, and I really didn't think about anything in this context. And you didn't mention what service this is for.
Honestly, I thought you were requesting a whitelist-only mode, possibly for the free service. And yes, if you have whitelist-only mode enabled, your blacklist doesn't take effect. I understand now what you mean, and it makes sense.
Temporary workarounds would include (given that you run an institutional network):
- Either add this line to the local hosts file (maybe as AD policy): 0.0.0.0 chatenabled.mail.google.com
- Or configure your local DNS server with chatenabled.mail.google.com as a local domain, pointing it to Nirvana or to hit-block.opendns.com
- Or configure your proxy server (which you may operate) to block chatenabled.mail.google.com
- Or introduce an AD policy for the browsers being used to block chatenabled.mail.google.com
-
There is unfortunately no way to blacklist a subdomain of a domain that is whitelisted. For example, if mail.google.com is whitelisted, this whitelists *.mail.google.com and this will automatically include chatenabled.mail.google.com. In whitelist-only mode, a blacklist entry for every single domain that exists can be considered implied, and the whitelist overrides the domains added to it.
There is no way to whitelist *.mail.google.com with the entry mail.google.com and also block chatenabled.mail.google.com with OpenDNS at this time.
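
The precedence described in this thread, as an added example that is not part of the original posts and is not OpenDNS code: a small model of whitelist-only filtering with subdomain matching, and of a local override (hosts file or local DNS entry) that answers before the upstream filter is asked. The function names and the `drive.google.com` entry are assumptions made for the illustration.

```python
# Added illustration: models the behaviour described in the replies above.
# It does not query any DNS service; all names and lists are constructed samples.

def matches(domain, entry):
    """True if domain equals entry or is a subdomain of it (label-aligned)."""
    domain = domain.lower().rstrip(".")
    entry = entry.lower().rstrip(".")
    return domain == entry or domain.endswith("." + entry)

def upstream_decision(domain, whitelist, blacklist):
    """Whitelist-only mode as described: the blacklist is never consulted."""
    if any(matches(domain, e) for e in whitelist):
        return "allow"   # a whitelisted domain also allows all of its subdomains
    return "block"       # implied block for every domain not on the whitelist

def resolve(domain, local_overrides, whitelist, blacklist):
    """Local override (exact name, like a hosts entry) wins before upstream."""
    if domain.lower().rstrip(".") in local_overrides:
        return "block (local override)"
    return upstream_decision(domain, whitelist, blacklist)

# Constructed policy: the blacklist entry is present but has no effect upstream.
WHITELIST = ["mail.google.com", "drive.google.com"]
BLACKLIST = ["chatenabled.mail.google.com"]
LOCAL_OVERRIDES = {"chatenabled.mail.google.com"}

def report():
    """Compare the upstream-only result with the result behind a local override."""
    names = ["mail.google.com", "chatenabled.mail.google.com",
             "notmail.google.com", "example.com"]
    return {n: (upstream_decision(n, WHITELIST, BLACKLIST),
                resolve(n, LOCAL_OVERRIDES, WHITELIST, BLACKLIST))
            for n in names}

if __name__ == "__main__":
    for name, (upstream, layered) in report().items():
        print(f"{name:32} upstream={upstream:6} with-local-override={layered}")
```

The override only takes effect on clients that actually use the local hosts file or local DNS server, so it is worth checking resolution from a restricted student machine after deploying it.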