Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
1
Replies

block by domain name via GUI?

rocker311
Level 1
Level 1

‎08-10-2007 06:37 AM - edited ‎03-11-2019 03:56 AM

Hi guys - duh question.

Trying to block in and out traffic from a domain (super-servers.net, actually.) Want to do it by domain as opposed to IP, under the assumption that these boneheads will shift IP addys frequently.

Went into the ASDM, went to add rule, but it'll only let me do a rule via IP or via interface.

So how do I block a domain?

-jimr

c1001ess n00b

Labels:
0 Helpful
1 Reply 1

srue
Level 7
Level 7

‎08-10-2007 08:59 AM

you need a 3rd party URL filter software app. NH2 or websense.

or if you have an IOS router in place, you can use policy-maps. there might be other ways, but I don't know them.

class-map match-any url-block

description TEST FOR URL FILTERING

match protocol http host "*super-servers.net"

!

policy-map url-filter

class url-block

set ip dscp 1

!

Then create (or add an entry) an ACL to deny any any dscp 1.

apply the ACL, apply the policy map.

http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card