BHO that filters out pages

Hello all,

In our environment we have two login modes: internet and non-internet.
Internet users can browser anywhere, non-internet users cannot. The
distinction between the two is whether they have agreed to pay the
charges. Furthermore, the non-internet users should be able to browse
a few chosen web sites, for free.

I was reading about BHOs and it seems they can trap browser events. I
am wondering if I can trap the BeforeNavigate and change the target
URL to some other one if the target URL is not approved for that user.
I have written code for a webbrowser control, and I could easily do
that. Now I would like to do this from within IE.

So, is it possible to modify the target URL event in IE using a BHO?

Thanks,

Armando

armando@highseascs.com wrote on Sun, 28 Sep 2008 15:42:04 -0700 (PDT):

> Hello all,

> In our environment we have two login modes: internet and non-internet.
> Internet users can browser anywhere, non-internet users cannot. The
> distinction between the two is whether they have agreed to pay the
> charges. Furthermore, the non-internet users should be able to browse a
> few chosen web sites, for free.

> I was reading about BHOs and it seems they can trap browser events. I
> am wondering if I can trap the BeforeNavigate and change the target
> URL to some other one if the target URL is not approved for that user.
> I have written code for a webbrowser control, and I could easily do
> that. Now I would like to do this from within IE.

> So, is it possible to modify the target URL event in IE using a BHO?

> Thanks,

> Armando


Would you not be better off looking at a proxy server and controlling access
at a central point? I'd be very wary of using a BHO for this, both for
performance reasons and the ability to circumvent pretty easily - running
IE in no-adds mode would mean no BHOs are loaded and so your non-internet
users have no restrictions. By having all outgoing access (assuming that
you're using a LAN of some kind and can control the outgoing connections)
routed via a proxy (block outgoing connections for web traffic except from
the proxy, and set up the browser on each PC to connect via the proxy) you
have central control that cannot be circumvented, and this will probably be
easier to manage too.

--
Dan

Dan,

Thanks for the reply. I thought about using a proxy server but the
users are logged in to a terminal service. I explored some proxy
server solutions but they all required the user to sign on a 2nd time
to be able to get to the internet.
I believe I can I use GPOs to prevent users from not loading the BHOs,
as the users won't have any admin capability. Does this make sense?

Armando

On Sep 29, 5:01*am, "Daniel Crichton" <msn...@worldofspack.com> wrote:
> arma...@highseascs.com wrote *on Sun, 28 Sep 2008 15:42:04 -0700 (PDT):
>
> > Hello all,
> > In our environment we have two login modes: internet and non-internet.
> > Internet users can browser anywhere, non-internet users cannot. The
> > distinction between the two is whether they have agreed to pay the
> > charges. Furthermore, the non-internet users should be able to browse a
> > few chosen web sites, for free.
> > I was reading about BHOs and it seems they can trap browser events. I
> > am wondering if I can trap the BeforeNavigate and change the target
> > URL to some other one if the target URL is not approved for that user.
> > I have written code for a webbrowser control, and I could easily do
> > that. Now I would like to do this from within IE.
> > So, is it possible to modify the target URL event in IE using a BHO?
> > Thanks,
> > Armando
>
> Would you not be better off looking at a proxy server and controlling access
> at a central point? I'd be very wary of using a BHO for this, both for
> performance reasons and the ability to circumvent pretty easily - *running
> IE in no-adds mode would mean no BHOs are loaded and so your non-internet
> users have no restrictions. By having all outgoing access (assuming that
> you're using a LAN of some kind and can control the outgoing connections)
> routed via a proxy (block outgoing connections for web traffic except from
> the proxy, and set up the browser on each PC to connect via the proxy) you
> have central control that cannot be circumvented, and this will probably be
> easier to manage too.
>
> --
> Dan

You should be able to find a proxy service that uses Windows Integrated
Authentication so that the user account they log on to the TS with is passed
transparently to the proxy without requiring them to log in again. I'm
pretty sure ISA Server will do this, and I doubt it's the only one.

Dan


armando@highseascs.com wrote on Mon, 29 Sep 2008 15:10:33 -0700 (PDT):

> Dan,

> Thanks for the reply. I thought about using a proxy server but the
> users are logged in to a terminal service. I explored some proxy server
> solutions but they all required the user to sign on a 2nd time to be
> able to get to the internet.
> I believe I can I use GPOs to prevent users from not loading the BHOs,
> as the users won't have any admin capability. Does this make sense?

> Armando

> On Sep 29, 5:01 am, "Daniel Crichton" <msn...@worldofspack.com> wrote:
>> arma...@highseascs.com wrote on Sun, 28 Sep 2008 15:42:04 -0700
>> (PDT):

>>> Hello all,
>>> In our environment we have two login modes: internet and
>>> non-internet.
>>> Internet users can browser anywhere, non-internet users cannot. The
>>> distinction between the two is whether they have agreed to pay the
>>> charges. Furthermore, the non-internet users should be able to
>>> browse a few chosen web sites, for free.
>>> I was reading about BHOs and it seems they can trap browser events.
>>> I am wondering if I can trap the BeforeNavigate and change the
>>> target
>>> URL to some other one if the target URL is not approved for that
>>> user.
>>> I have written code for a webbrowser control, and I could easily do
>>> that. Now I would like to do this from within IE.
>>> So, is it possible to modify the target URL event in IE using a BHO?
>>> Thanks,
>>> Armando

>> Would you not be better off looking at a proxy server and controlling
>> access at a central point? I'd be very wary of using a BHO for this,
>> both for performance reasons and the ability to circumvent pretty
>> easily - running
>> IE in no-adds mode would mean no BHOs are loaded and so your
>> non-internet users have no restrictions. By having all outgoing
>> access (assuming that you're using a LAN of some kind and can control
>> the outgoing connections)
>> routed via a proxy (block outgoing connections for web traffic except
>> from the proxy, and set up the browser on each PC to connect via the
>> proxy) you have central control that cannot be circumvented, and this
>> will probably be easier to manage too.

>> --
>> Dan