Restricting Browsing with Mozilla Firefox for Business Scenario


[tweetmeme source=”mrnitishkumar” only_single=”false”]

Its been long that I kept on thinking over starting a series on System admin tips & tricks that will not only facilitate my colleagues on workplace, but also for people looking out for a systematic dummies\ scratch level info in the same era.  But as these technologies and the way most of the workplaces are, it remained a due always …. from my side..

I already have written a number of dummies posts about some of the important elements related to System administration in corporate scenario like Windows Deployment Services, robust, systematic yet simplest approach over Squid Proxy Server and it reporting and Zabbix Mentoring Server.


Today I am here to share some tips that I learned through a very knowledgeable resource; Locking down Mozilla Firefox Browser …

Why lock down? What are the dangers?

Some might question that why I am talking about locking down Firefox. but my friends in corporate scenario might well understand that some security domains require you to lock things down up to a level that may enable you only to function as much required, not more than that.

Probably a reason that corporate love Microsoft technologies, is giving the administrator proper and well documented controls over the behavior of every aspect of systems throughout the organization via one or a few centralized servers. The method used is group policy; a set of rules which control the working environment of user accounts and computer accounts. Group Policy provides the centralized management and configuration of operating systems, applications and users’ settings in an Active Directory environment.

browser-wars

But as you all know, this is not same with third party apps like Firefox, Chrome or Opera. In fact, Chrome and Opera could be ruled out on Business scenario due to some very know issues and that leaves with Mozilla Firefox that been very stable about speed and various ASP .Net based CRMs (very specially for Linux based dialers). If you have a Dialer Scenario on your workplace (BPOs, IPOs), then sure its a read for you as you know that why to lock down Firefox.

danger

Now, coming over dangers …

You don’t want that the agent sitting with an opened CRM may be able to copy-paste something over somewhere. You might have restricted Notepad, WordPad, Office etc and might have restricted Internet as well, but there will always be ways, as you can’t control elements of Mozilla Firefox like you been able to manage Internet Explorer.

Flaws are many for business scenario .. I am taking count of just three …

  1. If you type c:\ in Firefox’s address bar, then it redirects you to file:///c:/ and displays all the content of C:\ drive. No matters you restricted the drive access from your Domain’s Group policy. It might be scary news for any security admin, but let me tell you, its the same with Opera and Chrome as well.
    Files
  2. You can’t control history setting, auto complete in forms and minor things like that.
  3. You can’t control opening source code of some page as that doesn’t open up in Notepad or something that could have been blocked and opens up in Firefox’s own reader.

What can you do about it? How to start? What practices to be followed?

Before starting, let me tell you one thing. Its not going to be some centralized management like you have in case of Internet Explorer, but you can have your ways, only if you use standard build all over and restrict user rights for installing and even updating anything.

You will create a standard build by installing updated Firefox with required add-ons and then distribute the same folder all over by replacing existing Install folder in program files.

 

The steps to restricting Access to Local Drives

First install updated Mozilla Firefox somewhere and then perform the following over the same.

  1. Open "c:\program files\mozilla firefox\chrome\browser.jar" in a zip program
  2. Browse to "content\browser" and extract "browser.js"
  3. Open "browser.js" in a text editor
    ( Note Notepad loses the formating, so open "browser.js" in firefox, select all, copy to notepad. >right click on .jar file > open with 7zip)
  4. Go to browser.js and drag it to the desktop. then drag the file from the desktop into firefox to edit (because notepad is crap and screws up the spacings). In Firefox select all and copy the text into notepad, to retain the correct spacing. Edit the file and save the file in notepad as browser.js Now drag that file back into 7zip (the overwrite the browser.js) and click close.
  5. Locate the line "var location = aLocationURI ? aLocationURI.spec : "";" (Applicable to v3.6 only)

    Save "browser.js" and copy back into "browser.jar" in the zip program and save "browser.jar"

    Add (below the above line):

if (location.match(/^file:/) || 
location.match(/^\//) || 
location.match(/^resource:/) ||
(!location.match(/^about:blank/) &&
location.match(/^about:/))) {
loadURI("about:blank");
}

This should now load a blank page when you try to go to a "about:" page, try opening "file/ / /c/" and also "c:"

You can just copy the firefox directory (c:\program files\mozilla firefox) to the machine you want to run it on and create a shortcut it. Also set permissions on the "Mozilla Firefox" directory for students as allow "Read & Execute", "List Folder contents" and "Read" only.

Note: There are options to control Firefox more closely via C:\program Files\Mozilla Firefox\defaults\profile\chrome\userChrome.css, but as I am not able to get them working exactly in way I want to, so not posting about that right now. Will post sometimes later on.

 

Programming ASP .Pages or other web pages in secure ways

So, you have solved the biggest trouble, access to local drives, now what about copy paste and viewing Source Code?

Might cause some frustration among end users, but if you are really that serious about security then the option is to restrict usages on Ctrl, Right Click keys on page and also Copy/Cut/ Paste options.

Two ways to do the same..

ASP .Net way – Use the following code on your ASP Page to restrict copy/ cut/paste/ right click

<asp:TextBox ID="TextBox1" runat="server"

oncopy="return false"

onpaste="return false"

oncut="return false"

oncontextmenu="return false;">

</asp:TextBox>

JavaScript way – For people familiar with JavaScript, this is the another way and this also gives the user a pop-up message if he\she did pressed the restricted keys\ key combination.

<head runat="server"> <title>Untitled Page</title>

<script language="javascript"> function DisableRightClick(event){

//For mouse right click

if (event.button==2){ alert("Right Clicking not allowed!"); }}

function DisableCtrlKey(e){ var code = (document.all) ? event.keyCode:e.which;

var message = "Ctrl key functionality is disabled!";

// look for CTRL key press

if (parseInt(code)==17){ alert(message); window.event.returnValue = false; }}

</script></head>

Note: you can place this function to MASTER PAGE, if we want this into many different pages. Now we have to call this function into our pages, using this coding

<body><form id="form1" runat="server">

<div><strong>Right click disabled</strong> textbox<br />

<asp:TextBox ID="TextBoxCopy" runat="server"

onMouseDown="DisableRightClick(event)"> </asp:TextBox><br />

<br /> <strong>Ctrl key </strong>disabled<br />

<asp:TextBox ID="TextBox2" runat="server"

onKeyDown="return DisableCtrlKey(event)">

</asp:TextBox><br /><br />


So, this was for now.. I will be updating more, once I test more methods to restrict the Firefox security options. Note that any update to Firefox will wipe of any changes you made to browser.jar, so its dead essential that you ensure that user might not have permissions to update Firefox. Watch out for security rights as well.

photo of Nitish KumarNitish Kumar

Now you can read updates from this blog delivered directly to your Nokia Smart Phone, download it here

Digg This
Advertisements

Author: Nitish Kumar

I love to write and raising voice, sharing thought and heated debate is a kind of passion for me. Jobwise I am just another Computer professional handling Infra and designing solutions for a big Indian Media house but I love to write, sketch, photography and a lot more.

14 thoughts on “Restricting Browsing with Mozilla Firefox for Business Scenario”

  1. Hi Nitish
    Nice information but it doesn’t work with latest versions. Can you let me know if there is any solution for current versions. because that file (browser.js) is not available in latest versions.

  2. Hi Nitesh,SumanB.Singh,

    Still m looking for solution in lattest version . browse.js not found in Firefox lattest version .
    I there any other way to restricted local drive on FF.

    Regards @ Dev

  3. Have you ever thought about writing an e-book or guest authoring on other websites?
    I have a blog centered on the same subjects you discuss and would love
    to have you share some stories/information. I know my readers
    would value your work. If you’re even remotely interested,
    feel free to shoot me an e mail.

  4. What’s Taking place i am new to this, I stumbled upon this I
    have found It absolutely helpful and it has aided me out loads.
    I hope to give a contribution & help different users like its
    helped me. Great job.

  5. I’m really loving the theme/design of your weblog.

    Do you ever run into anny web browser compatibility problems?

    A small number of my blog visitors have complained
    about my website not working correctly in Explorer but
    looks great in Firefox. Do you have any recommendations
    to help fix this issue?

  6. I model escorts Delhi, Independent Escort always remain free for you. so please come fast and make me feel comfortable by taking care of the body from you own hands and please grab me tightly so that i can also feel the hardness and warmth which is found only in some of the handsome man which are very much hard to find and to find that particular love and man hood

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s