08-26-2008 06:26 AM - edited 03-11-2019 06:36 AM
I have a Cisco 38xx series with IOS 12.4(2)T6.
I am trying to block specific extensions and specific URLs so that users can't access/download them.
I did the following configuration, but only YouTube is not working; all the rest of the downloads and URLs are working fine.
class-map match-any p2p
 match protocol fasttrack file-transfer "*"
 match protocol gnutella file-transfer "*"
 match protocol bittorrent
class-map match-any youtube
 match protocol http url "*youtube*"
 match protocol http host "*youtube.com"
 match protocol http url "*kh.google.com*"
 match protocol http url "*pakiztan.tv*"
 match protocol http url "*pakiztan*"
 match access-group name webblock
 match protocol http url "*.rar*"
 match protocol http url "*.zip*"
 match protocol http url "*.exe*"
 match protocol http url "*www.pakisztan.tv*"
 match protocol http url "*www.pakiztan.tv*"
 match protocol http url "*.flv*"
 match protocol http url "*.avi*"
 match protocol http url "*.mpg*"
 match protocol http url "*.mpeg*"
 match protocol http url "*.mp33*"
 match protocol http url ".exe*"
 match protocol http url ".zip*"
 match protocol http url ".flv*"
 match protocol http url ".mpg*"
!
!
policy-map p2p
 class p2p
  drop
 class youtube
  drop
ip access-list extended webblock
 deny udp any any eq 554
 deny tcp any any eq 2979
 deny udp any any eq 2979
 deny tcp any any eq 1790
 deny udp any any eq 1790
 deny tcp any any eq 1755
 deny udp any any eq 1755
 deny tcp any any eq 1736
 deny udp any any eq 1736
 deny tcp any any eq 537
 deny udp any any eq 537
 deny tcp any any eq 554
interface GigabitEthernet0/1
 ip nbar protocol-discovery
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 negotiation auto
 service-policy input p2p
Please tell me how to block the users from downloading etc.
08-26-2008 06:56 AM
Your config should be something like:
parameter-map type regex url1
 pattern [\.yahoo\.com]
class-map type inspect http urlclass1
 match req-resp header regex url1
policy-map type inspect http policy1
 class type inspect http urlclass1
  reset
Then apply the policy.
The above is only an example.
You have more flexibility, and I am not 100% sure about the regex pattern above, but it should be like that to some extent.
Have a look at the following link;
search for the regex keyword and see its config:
http://www.cisco.com/application/pdf/paws/98628/zone-design-guide.pdf
good luck
Please rate if helpful.
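An offline check of which of the posted "match protocol http" patterns can hit a given request, added here as an example and not part of either post. It assumes NBAR compares url patterns with the request path and host patterns with the Host header, models "*" with Python's anchored fnmatchcase with the surrounding quotes dropped, and uses constructed sample requests.

```python
from fnmatch import fnmatchcase

# Patterns copied from the posted class-map "youtube" (quotes dropped),
# split by the request field each sub-command is assumed to inspect.
URL_PATTERNS = [
    "*youtube*", "*kh.google.com*", "*pakiztan.tv*", "*pakiztan*",
    "*.rar*", "*.zip*", "*.exe*", "*www.pakisztan.tv*", "*www.pakiztan.tv*",
    "*.flv*", "*.avi*", "*.mpg*", "*.mpeg*", "*.mp33*",
    ".exe*", ".zip*", ".flv*", ".mpg*",
]
HOST_PATTERNS = ["*youtube.com"]


def classify(host, path):
    """Return the (field, pattern) pairs that match this request."""
    hits = [("host", p) for p in HOST_PATTERNS if fnmatchcase(host, p)]
    hits += [("url", p) for p in URL_PATTERNS if fnmatchcase(path, p)]
    return hits


def audit(requests):
    """Map each (host, path) to True if any pattern matches, else False."""
    return {(h, p): bool(classify(h, p)) for h, p in requests}


def host_like_url_patterns(host, path):
    """url patterns that fit the hostname but not the path they are tested on."""
    return [p for p in URL_PATTERNS
            if fnmatchcase(host, p) and not fnmatchcase(path, p)]


# Constructed sample requests: (Host header, request path).
SAMPLES = [
    ("www.youtube.com", "/watch?v=abc"),
    ("www.pakiztan.tv", "/"),
    ("files.example.com", "/tools/setup.exe"),
    ("files.example.com", "/music/track.mp3"),
]

if __name__ == "__main__":
    for (host, path), matched in audit(SAMPLES).items():
        print(f"{'MATCH' if matched else 'MISS '}  {host}{path}")
    for host, path in SAMPLES:
        for pat in host_like_url_patterns(host, path):
            print(f"url pattern {pat!r} only fits the hostname {host}")
```

A request the model reports as MATCH but that still gets through on the router points away from the pattern list and toward classification or policy attachment, which the class counters in "show policy-map interface" help confirm.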