Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
746
Views
0
Helpful
7
Replies

Block Web Sites

Go to solution
ray_stone
Level 1
Level 1

‎07-12-2008 04:29 PM - edited ‎03-11-2019 06:13 AM

hi, Is there anything through which it could be possible to block the webpage instead of making access list into FW as other FW has same feature. Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to ray_stone

‎07-13-2008 05:14 AM

first of all here in neyPro we use rating for helpful post

so please, rate for each help helpful post !

and about limiting u can use policing with policy maps

as fowllow

make and acl matching the particular user ip traffic or any spisific type of traffic

access-list 100 permit ip host (user ip) any

then

class-map limit-class

match access-list 100

policy-map limit-policy

class limit-class

police input 20000 confirm-action transmit exceed-action drop

then apply it to ur inside einterface to limit the outbound traffic for that user

service-policy limit-policy interface inside

remember u can have one policy on each interface per direction

so if u have configured the prevous one for web url filtering u have to add the class-map and this policy config to the same prevous policy

good luck and rate if helpful

let me know if its worked

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎07-12-2008 05:26 PM

sure u can

this is example to u to block yahoo.com

regex web1 "\.yahoo\.com"

make acl to match the direction from where to where the traffic for this url to be block

lets say from inside to outside toward the internet

access-list url-acl extended permit tcp (ur inside network with mask) any eq www

class-map type regex match-any url-lists

match regex web1

(and u can add more regex matching here)

then

class-map type inspect http match-all url-block

match request header host regex class url-lists

class-map httptraffic

match access-list url-acl

policy-map type inspect http http-policy

class url-block

reset log

policy-map url-block-policy

class httptraffic

inspect http http-policy

then apply it to the source of your trafffic as we assumed the inside interface

sevice-policy url-block-policy interface inside

becarefull with matching statements any mistake may lead to not blocking

and becarefull also with the REGEX

good luck

Please Rate if helpful

0 Helpful

Go to solution
ray_stone
Level 1
Level 1
In response to Marwan ALshawi

‎07-13-2008 03:16 AM

Thanks for this valuable information. I appreciate. Now I want to fix downloding bandthwidth on the users. We have a 1MB link 1:1 ratio and I want that a particular user could able only to use upto 20 kb but not higher. Is there any solution??? Thnks.

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to ray_stone

‎07-13-2008 05:14 AM

first of all here in neyPro we use rating for helpful post

so please, rate for each help helpful post !

and about limiting u can use policing with policy maps

as fowllow

make and acl matching the particular user ip traffic or any spisific type of traffic

access-list 100 permit ip host (user ip) any

then

class-map limit-class

match access-list 100

policy-map limit-policy

class limit-class

police input 20000 confirm-action transmit exceed-action drop

then apply it to ur inside einterface to limit the outbound traffic for that user

service-policy limit-policy interface inside

remember u can have one policy on each interface per direction

so if u have configured the prevous one for web url filtering u have to add the class-map and this policy config to the same prevous policy

good luck and rate if helpful

let me know if its worked

0 Helpful

Go to solution
ray_stone
Level 1
Level 1
In response to Marwan ALshawi

‎07-13-2008 06:24 AM

Can u send me a any link of example, if possible. Thanks

0 Helpful

Go to solution
ray_stone
Level 1
Level 1
In response to Marwan ALshawi

‎07-13-2008 06:39 AM

Thanks, I appreciate... Are you from India?

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni
In response to ray_stone

‎07-13-2008 06:40 AM

no, and good luck

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card