Block RDP User from accesing internet

Hello, Im having some issues with an employee of a customer.

He watch espn football games, in his RDP sesion, in a windows server machine shared with a few other users. He uses a large amount of resourses every time he watches this games, slowing the other employes tasks.

i blocked in pfsense, so he cant stream this content anymore. but becouse wasnt working, he opened a ton o shady sites with ilegal streams and its dangerous popups.

How can i block internet for this user completely, but keep gmail and a few other sites working?

Thanks, Nicolas

I dont know about pfsense firewall side blocking internet but I use quick heal anitivirus (parental control feature) to do website filtering on specific users who use rdp… I don’t know its the right thing to do… But i like to do it this way…

1 Like

pfsense is not the best at web site filtering, there are better end point solutions for that.

1 Like

If I were doing these activities through work, I’d get terminated. Going anywhere shady would be grounds for a trip to human resources, and the second time would be out the door.

You can run e2guardian on pfsense and filter sites in a few different ways, but it is not a standard package that you install, takes a little work to get it going. You could put up a web proxy server and filter everything through that, I used to use Privoxy, but it has some limitations.

I have e2guardian running in block everything mode (walled garden) and then allow certain sites to get through, works OK if you have a small set of websites allowed, but you are going to need to set up a certificate for secure browsing and do man in the middle to intercept https traffic. You should also block traffic from using ip addresses directly, this forces them to use the dns name which lets you filter them.


i would have fired him long time ago if it was my call, but it isnt.

i think im going to try to install something in his sesion only, to avoid afecting other users

Thanks for the info!

1 Like

A linux server with e2guardian running that is set up as a web proxy, and then force his sessions through that proxy would do it. You might be able to run e2guardian on Windows too, not certain.

You can also bypass computers in e2guardian, just list their IP addresses in the exceptions box and they are clear. Works well if you don’t have too many computers that need a bypass. I have a few things including the computer I’m typing this on that are bypassed, but the list is only like 8 computers so not a big task. You might be able to make it an inverted list, so only the listed IP address goes through the filtering, that would be a question for the user mail list.

1 Like