Block Web Sites

Answered Question
Jul 12th, 2008

Hi, is there any way to block a web page instead of making an access list in the FW, as other FWs have the same feature? Thanks

Marwan ALshawi Sat, 07/12/2008 - 17:26

Sure you can.

This is an example for you to block yahoo.com:

regex web1 "\.yahoo\.com"

Make an ACL to match the direction, from where to where, of the traffic for this URL to be blocked.
Let's say from inside to outside, toward the internet:

access-list url-acl extended permit tcp (your inside network with mask) any eq www

class-map type regex match-any url-lists
 match regex web1

(and you can add more regex matching here)

Then:

class-map type inspect http match-all url-block
 match request header host regex class url-lists

class-map httptraffic
 match access-list url-acl

policy-map type inspect http http-policy
 class url-block
  reset log

policy-map url-block-policy
 class httptraffic
  inspect http http-policy

Then apply it to the source of your traffic; as we assumed, the inside interface:

service-policy url-block-policy interface inside

Be careful with the matching statements; any mistake may lead to not blocking.
And be careful also with the regex.

Good luck.

Please rate if helpful.
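Added example, not part of the original post: a pre-deployment check of the Host-header regex from the post above against constructed Host values, listing names the rule would miss and names it would catch unintentionally. It models ASA regex matching with Python's `re.search` (an assumption), and `CANDIDATE` is a hypothetical alternative pattern, so confirm the final pattern on the firewall itself, for example with the ASA `test regex` command.

```python
import re

# Pattern exactly as given in the post (regex entry "web1").
POSTED = {"web1": r"\.yahoo\.com"}
# Hypothetical alternative (not from the post): also match the bare domain.
CANDIDATE = {"web1": r"(^|\.)yahoo\.com"}

# Constructed Host header values paired with the intended outcome.
CASES = [
    ("www.yahoo.com", True),
    ("mail.yahoo.com", True),
    ("yahoo.com", True),                   # bare domain, no leading dot
    ("www.yahoo.com:80", True),            # Host header carrying a port
    ("www.example.org", False),
    ("www.yahoo.com.example.org", False),  # different site containing the string
]

def matched_by(host, patterns=POSTED):
    """Return the names of the regex entries that match this Host value.

    Assumption: the firewall matches the pattern anywhere in the header
    value, which is modelled here with re.search.
    """
    return [name for name, rx in patterns.items() if re.search(rx, host)]

def audit(cases=CASES, patterns=POSTED):
    """Return (missed, overblocked) lists for a pattern set."""
    missed, overblocked = [], []
    for host, should_block in cases:
        hit = bool(matched_by(host, patterns))
        if should_block and not hit:
            missed.append(host)        # intended block that would pass
        elif hit and not should_block:
            overblocked.append(host)   # unintended block
    return missed, overblocked

if __name__ == "__main__":
    for label, pats in (("posted", POSTED), ("candidate", CANDIDATE)):
        missed, over = audit(patterns=pats)
        print(f"{label}: missed={missed} overblocked={over}")
```

The ACL in the post matches only `eq www`, so this check applies to plain HTTP Host headers.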

ray_stone Sun, 07/13/2008 - 03:16

Thanks for this valuable information. I appreciate it. Now I want to fix the download bandwidth for the users. We have a 1MB link with a 1:1 ratio, and I want a particular user to be able to use only up to 20 kb, not higher. Is there any solution? Thanks.

Correct Answer
Marwan ALshawi Sun, 07/13/2008 - 05:14

First of all, here in NetPro we use ratings for helpful posts,

so please rate each helpful post!

And about limiting, you can use policing with policy maps,

as follows.

Make an ACL matching the particular user's IP traffic or any specific type of traffic:

access-list 100 permit ip host (user ip) any

Then:

class-map limit-class
 match access-list 100

policy-map limit-policy
 class limit-class
  police input 20000 conform-action transmit exceed-action drop

Then apply it to your inside interface to limit the outbound traffic for that user:

service-policy limit-policy interface inside

Remember you can have one policy on each interface per direction,

so if you have configured the previous one for web URL filtering, you have to add the class-map and this policy config to the same previous policy.

Good luck, and rate if helpful.

Let me know if it worked.



ray_stone Sun, 07/13/2008 - 06:24

Can you send me a link to an example, if possible? Thanks

Marwan ALshawi Sun, 07/13/2008 - 06:40

no, and good luck
