07-12-2008 04:29 PM - edited 03-11-2019 06:13 AM
Hi, is there any way to block a webpage instead of making an access list on the FW, as other FWs have this feature? Thanks
07-12-2008 05:26 PM
sure u can
this is an example for u to block yahoo.com
regex web1 "\.yahoo\.com"
make an acl to match the direction from where to where the traffic for this url is to be blocked
let's say from inside to outside toward the internet
access-list url-acl extended permit tcp (ur inside network with mask) any eq www
class-map type regex match-any url-lists
 match regex web1
(and u can add more regex matching here)
then
class-map type inspect http match-all url-block
 match request header host regex class url-lists
class-map httptraffic
 match access-list url-acl
policy-map type inspect http http-policy
 class url-block
  reset log
policy-map url-block-policy
 class httptraffic
  inspect http http-policy
then apply it to the source of your traffic, as we assumed the inside interface
service-policy url-block-policy interface inside
be careful with matching statements, any mistake may lead to not blocking
and be careful also with the REGEX
good luck
Please Rate if helpful
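A coverage check for the Host-header regex in the reply above, as an added example that is not part of the original posts. It emulates the match-any regex class in Python over constructed Host values; the second pattern `^yahoo\.com` and all sample hosts are assumptions of this example, and Python's `re` is assumed to behave like the ASA regex engine for these simple patterns.

```python
import re

# Pattern from the post above, plus a hypothetical second entry for the
# match-any class (an assumption of this example, not from the thread).
PAGE_PATTERNS = [r"\.yahoo\.com"]
CANDIDATE_PATTERNS = [r"\.yahoo\.com", r"^yahoo\.com"]

# Constructed Host header values -> should the policy reset the request?
CASES = {
    "www.yahoo.com": True,
    "mail.yahoo.com": True,
    "yahoo.com": True,                   # bare domain, no leading dot
    "www.yahoo.com.example.net": False,  # different site, same substring
    "notyahoo.com": False,
    "www.example.org": False,
}


def blocked(host, patterns):
    """Emulate 'class-map type regex match-any': any unanchored hit blocks."""
    return any(re.search(p, host) for p in patterns)


def coverage_report(patterns, cases=CASES):
    """Return (missed, overblocked) host lists for a pattern set."""
    missed = sorted(h for h, want in cases.items()
                    if want and not blocked(h, patterns))
    over = sorted(h for h, want in cases.items()
                  if not want and blocked(h, patterns))
    return missed, over


if __name__ == "__main__":
    for name, pats in (("page", PAGE_PATTERNS),
                       ("candidate", CANDIDATE_PATTERNS)):
        missed, over = coverage_report(pats)
        print(f"{name}: missed={missed} overblocked={over}")
```

Before committing a pattern to the class-map, confirm it on the device itself with the ASA `test regex` command, since the firewall's regex syntax is not identical to Python's.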
07-13-2008 03:16 AM
Thanks for this valuable information. I appreciate it. Now I want to fix the download bandwidth for the users. We have a 1MB link with 1:1 ratio and I want a particular user to be able to use only up to 20 kb but not higher. Is there any solution? Thanks.
07-13-2008 05:14 AM
first of all, here in NetPro we use rating for helpful posts
so please rate each helpful post!
and about limiting, u can use policing with policy maps
as follows
make an acl matching the particular user ip traffic or any specific type of traffic
access-list 100 permit ip host (user ip) any
then
class-map limit-class
 match access-list 100
policy-map limit-policy
 class limit-class
  police input 20000 conform-action transmit exceed-action drop
then apply it to ur inside interface to limit the outbound traffic for that user
service-policy limit-policy interface inside
remember u can have one policy on each interface per direction
so if u have configured the previous one for web url filtering u have to add the class-map and this policy config to the same previous policy
good luck and rate if helpful
let me know if it worked
07-13-2008 06:24 AM
Can u send me a link to an example, if possible? Thanks
07-13-2008 06:31 AM
use this link
i think it's good and useful
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml
good luck
07-13-2008 06:39 AM
Thanks, I appreciate... Are you from India?
07-13-2008 06:40 AM
no, and good luck