Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.6: Whitelist websites for a Mac web kiosk Internet
Snow Leopard only hintI needed to allow users of kiosk machine to only browse a list of permitted websites. This 'whitelist-only' functionality is available via OpenDNS, but it's expensive, with even the highest-end paid option allowing a miserly 50 domains. I have over 300. You can also use commercial software like wKiosk, but I found version 6's URL control to be unreliable.

Below is an alternative method.

1. Go to Parental Controls (System Prefs » Accounts » choose a non-admin user » Open Parental Controls…) and go to the Content tab: Allow Access to only these websites. This enables whitelisting, but you can only add sites one-by-one. What a pain!

2. Delete all but one of the whitelisted sites. Note which one you left, we'll need to find it later.

3. Go to Terminal, and run the following command, replacing userGoesHere with the account name you enabled Parental Controls for in Step 1:
dscl . -mcxexport /Users/userGoesHere > ~/Desktop/parental_settings
This makes a file called parental_settings on your Desktop. Duplicate it so you have a backup.

4. Using your favorite text editor (I am using TextWrangler for some of the commands below, so you may need to find equivalents if you use a different editor), format your list of whitelist domains/websites in a simple text file, one site per line, with a single carriage return at the end of each line. I had them all start with http.

5. Open your text file of whitelisted sites and parental_settings in your text editor.

6. In the whitelist file, hit Command+F to bring up the Find dialog. Turn on the Grep checkbox at the bottom. In the Find portion of the dialog, put the following:

(http*.*)(\r)

In the Replace box, put:
\r\taddress\r\t\1\r\tbookmarkPath\r\t/AllowedSites/\r\tpageTitle\r\t\1\r\r\t
Click Replace All. This uses regular expressions to replace each URL with a correctly-formatted plist entry.

7. Select the whole, newly-expanded whitelist text and copy it.

8. Switch to the parental_settings file, and scroll down until you see the single website you left in as a marker. Select the text within the enclosing tags above and below it, including the tags, and delete it.

9. Paste in your copied text to this same spot.

10. Save and close the modified parental_settings file.

11. Back in Terminal, enter the following (you may need to enter your password after hitting return):
sudo dscl . -mcximport /Users/userGoesHere ~/Desktop/parental_settings
That should be it. Log in to the userGoesHere account and see if it works.

[crarko adds: I haven't tested this one.]
    •    
  • Currently 3.40 / 5
  You rated: 5 / 5 (5 votes cast)
 
[10,148 views]  

10.6: Whitelist websites for a Mac web kiosk | 3 comments | Create New Account
Click here to return to the '10.6: Whitelist websites for a Mac web kiosk' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.6: Whitelist websites for a Mac web kiosk
Authored by: Andrew J Freyer on Oct 25, '10 09:15:25AM
Another easy and free solution would be to use GlimmerBlocker. It is a proxy-based web filter that can block all but whitelisted domains or subdomains.

EDIT - For some reason the link is redirecting to hints.macworld.com. The web address for GlimmerBlocker is www.glimmerblocker.org.

---
Easier location-based computing: with Airport Location, app for 10.6. It's an early Beta, so please report bugs!

Edited on Oct 25, '10 09:17:50AM by Andrew J Freyer


[ Reply to This | # ]
10.6: Whitelist websites for a Mac web kiosk
Authored by: st601486 on Oct 27, '10 08:07:11PM

Another possible (but somewhat less elegant and it'd probably be a headache to enter 300 addresses) option would be to do something like this:

1. Open System Preferences
2. Select Network preference pane
3. Select your network interface (e.g Ethernet). If you have multiple interfaces active, yes, you do the rest of the steps multiple times.
4. Click the button that says "Advanced ..."
5. Select the tab that says "Proxies"
6. Tick the checkboxes next to "Web Proxy (HTTP)" and "Secure Web Proxy (HTTPS)". For both cases, set the Web Proxy Server to something like 127.0.0.1 (aka loopback)
7. In the section labeled "Bypass proxy settings for these Hosts & Domains", enter the addresses you want to whitelist in a comma-separated list, I think.

For bonus points, if you're bored, do the following (unless you have your Firewall set to block everything in which case it might not work):
1. Go to System Preferences > Sharing
2. Enable Web Sharing
3. Write up a scolding message in html, name the file "index.html" and put it in /Library/WebServer/Documents/

Edited on Oct 27, '10 09:03:57PM by st601486



[ Reply to This | # ]
10.6: Whitelist websites for a Mac web kiosk
Authored by: pwhittaker on Oct 28, '10 02:14:06AM

cool, other ideas!

Andrew, maybe I'm thick, but how do you set up whitelist functionality in glimmerblocker? Do you need a "block all" rule first, followed by your whitelisted rules?



[ Reply to This | # ]