Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
540
Views
5
Helpful
5
Replies

IP UrlFiltering Question

joeharb
Level 5
Level 5

‎10-06-2008 01:29 PM - edited ‎03-09-2019 09:37 PM

Is there a way to display a web page that states that the url was blocked by the corporate policy instead of the You are not Authorized. We would like to make sure the users are clear on why there were not able to access the specific website. This a 2800 series ISR using a local url site list.

Thanks,

Joe

Labels:
0 Helpful
5 Replies 5

sadbulali
Level 4
Level 4

‎10-10-2008 07:25 AM

The user provisions URL filtering on the ISR by selecting categories of websites to be permitted or blocked. An external server, maintained by a 3rd party, will be used to check for URLs in each category. Permit and deny policies are maintained on the ISR. The service is subscription based, and the URLs in each category are maintained by the 3rd party vendor.

Refer the url below for more information on URL filtering:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_url_filtering.html

joeharb
Level 5
Level 5
In response to sadbulali

‎10-10-2008 07:40 AM

Per the orinal post "This a 2800 series ISR using a local url site list."

We are defining specific sites,facebook.com and so forth...we would like to determine if there is way we can return a banner or web page from the ISR that states that they were blocked...their is no 3rd party external server involved. We are currently able to block the sites but it returns a default "You are not Authorized Page"..we would like to return a page explaining that this was blocked due to company policy.

Thanks,

Joe

0 Helpful

mhellman
Level 7
Level 7
In response to joeharb

‎10-10-2008 09:26 AM

Perhaps you already know this, but FWIW you won't be able to stop users from hitting https://www.facebook.com unless you block the IP address. The same would apply for any URL you're trying to block.

0 Helpful

ajagadee
Cisco Employee
Cisco Employee

‎10-10-2008 08:16 AM

Joe,

I haven't tested in the lab but hopefully you will find the below information useful.

Parameter-Map Command: parameter-map type urlfpolicy trend

Block-page {[message ] | [redirect-url ]}: Use this command to customize the information displayed when a URL is blocked by the firewall. The default for this value [[ok? otherwise pls put another noun]] is a preconfigured string, which simply indicates that the user is not authorized to access the URL.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/white_paper_c89-492776.html

Just CLI Commands from a Lab Chassis.

2821(config)#parameter-map type urlfpolicy local TEST

2821(config-profile)#block-page message WE-ARE-MONITORING-YOU-HAHAHA

Regards,

Arul

** Please rate all helpful posts **

joeharb
Level 5
Level 5
In response to ajagadee

‎10-10-2008 12:46 PM

Thanks for the post...I tried the commands and they didn't take...block-page is not valid...

here is how the config looks for the block pages...:

ip urlfilter allow-mode on

ip urlfilter exclusive-domain deny .com.br

ip urlfilter exclusive-domain deny .thenoobcomic.com

ip urlfilter exclusive-domain deny .snapfish.com

ip urlfilter exclusive-domain deny .blog.wired.com

ip urlfilter exclusive-domain deny .jibjab.com

ip urlfilter exclusive-domain deny .eyewonder.com......

I have looked and can't find the block-page command...any suggestions...

Thanks,

Joe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents