block by domain name via GUI?

Unanswered Question
Aug 10th, 2007

Hi guys - duh question.


Trying to block in and out traffic from a domain (super-servers.net, actually.) Want to do it by domain as opposed to IP, under the assumption that these boneheads will shift IP addys frequently.


Went into the ASDM, went to add rule, but it'll only let me do a rule via IP or via interface.


So how do I block a domain?


-jimr

c1001ess n00b

srue Fri, 08/10/2007 - 08:59

You need a 3rd-party URL filter software app: NH2 or Websense.

Or, if you have an IOS router in place, you can use policy-maps. There might be other ways, but I don't know them.


class-map match-any url-block
 description TEST FOR URL FILTERING
 match protocol http host "*super-servers.net"
!
policy-map url-filter
 class url-block
  set ip dscp 1
!

Then create an ACL (or add an entry to an existing one) to deny any any dscp 1.

Apply the ACL, apply the policy map.


http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml
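The steps in the reply above, assembled into one configuration as an added example (not part of the original post). The interface names and ACL number 105 are assumptions; substitute the router's own inside and outside interfaces.

```cisco
! Added example. Interface names and ACL number are assumptions.
! NBAR classification requires CEF to be enabled.
ip cef
!
! Classify HTTP requests whose Host header matches the pattern.
class-map match-any url-block
 description TEST FOR URL FILTERING
 match protocol http host "*super-servers.net"
!
! Mark the matching packets so an ACL can recognise them later.
policy-map url-filter
 class url-block
  set ip dscp 1
!
! Drop anything carrying the mark, pass everything else.
access-list 105 deny ip any any dscp 1
access-list 105 permit ip any any
!
! Inside (client-facing) interface: classify and mark on ingress.
interface FastEthernet0/0
 service-policy input url-filter
!
! Outside interface: drop the marked packets on egress.
interface FastEthernet0/1
 ip access-group 105 out
!
```

The match is on the HTTP Host header of client requests, so this drops outbound web requests to the domain but does not cover non-HTTP traffic or connections initiated from those hosts. The ACL also drops any other traffic that already carries DSCP 1, and `show policy-map interface FastEthernet0/0` shows whether the class is matching.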
