IP UrlFiltering Question

Unanswered Question
Oct 6th, 2008

Is there a way to display a web page that states that the url was blocked by the corporate policy instead of the You are not Authorized. We would like to make sure the users are clear on why there were not able to access the specific website. This a 2800 series ISR using a local url site list.

Thanks,

Joe

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.5 (2 ratings)
Loading.
sadbulali Fri, 10/10/2008 - 07:25

The user provisions URL filtering on the ISR by selecting categories of websites to be permitted or blocked. An external server, maintained by a 3rd party, will be used to check for URLs in each category. Permit and deny policies are maintained on the ISR. The service is subscription based, and the URLs in each category are maintained by the 3rd party vendor.

Refer the url below for more information on URL filtering:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_url_filtering.html

joeharb Fri, 10/10/2008 - 07:40

Per the orinal post "This a 2800 series ISR using a local url site list."

We are defining specific sites,facebook.com and so forth...we would like to determine if there is way we can return a banner or web page from the ISR that states that they were blocked...their is no 3rd party external server involved. We are currently able to block the sites but it returns a default "You are not Authorized Page"..we would like to return a page explaining that this was blocked due to company policy.

Thanks,

Joe

mhellman Fri, 10/10/2008 - 09:26

Perhaps you already know this, but FWIW you won't be able to stop users from hitting https://www.facebook.com unless you block the IP address. The same would apply for any URL you're trying to block.

ajagadee Fri, 10/10/2008 - 08:16

Joe,

I haven't tested in the lab but hopefully you will find the below information useful.

Parameter-Map Command: parameter-map type urlfpolicy trend

Block-page {[message ] | [redirect-url ]}: Use this command to customize the information displayed when a URL is blocked by the firewall. The default for this value is a preconfigured string, which simply indicates that the user is not authorized to access the URL.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/white_paper_c89-492776.html

Just CLI Commands from a Lab Chassis.

2821(config)#parameter-map type urlfpolicy local TEST

2821(config-profile)#block-page message WE-ARE-MONITORING-YOU-HAHAHA

Regards,

Arul

** Please rate all helpful posts **

joeharb Fri, 10/10/2008 - 12:46

Thanks for the post...I tried the commands and they didn't take...block-page is not valid...

here is how the config looks for the block pages...:

ip urlfilter allow-mode on

ip urlfilter exclusive-domain deny .com.br

ip urlfilter exclusive-domain deny .thenoobcomic.com

ip urlfilter exclusive-domain deny .snapfish.com

ip urlfilter exclusive-domain deny .blog.wired.com

ip urlfilter exclusive-domain deny .jibjab.com

ip urlfilter exclusive-domain deny .eyewonder.com......

I have looked and can't find the block-page command...any suggestions...

Thanks,

Joe

Actions

This Discussion