Url Filtering Problems

Unanswered Question
Aug 2nd, 2009


I have successfully used the local filtering capabilities of the 2811 router to setup a filter to block from different subnets or even within the same subnet depending on IP via the zone inside to outside type of policy.

The issue I am having is that it seems to be not loading some pages correctly.

Has anyone experienced this issue before.

Below is the config I have on the router as a test.

parameter-map type urlfpolicy local urlfilterrules

alert off

allow-mode on

block-page message "URL is blocked by local-filters"

parameter-map type urlf-glob PermittedSites

pattern *

parameter-map type urlf-glob livejournal

pattern livejournal.com

pattern *.livejournal.com

parameter-map type urlf-glob youtube

pattern youtube.com

pattern *.youtube.com

parameter-map type urlf-glob ebay

pattern ebay.com

pattern *.ebay.com

pattern *.ebay.com.*

pattern ebay.com.*

parameter-map type urlf-glob facebook

pattern facebook.com

pattern *.facebook.com

parameter-map type urlf-glob myspace

pattern *.myspace.com

pattern myspace.com

parameter-map type urlf-glob flickr

pattern *.flickr.com

pattern flickr.com

parameter-map type urlf-glob bebo

pattern *.bebo.com

pattern bebo.com

parameter-map type urlf-glob twitter

pattern *.twitter.com

pattern twitter.com

pattern *.twitter.com.au

pattern twitter.com.au

class-map type urlfilter match-any PermittedSites

match server-domain urlf-glob PermittedSites

class-map type inspect match-all http-deny

match protocol http

match access-group name httpdeny

class-map type inspect match-all ip-any

match access-group name test

class-map type inspect match-all http-allow

match protocol http

match access-group name httpallow

class-map type urlfilter match-any urlfilterlist

match server-domain urlf-glob livejournal

match server-domain urlf-glob youtube

match server-domain urlf-glob ebay

match server-domain urlf-glob facebook

match server-domain urlf-glob myspace

match server-domain urlf-glob flickr

match server-domain urlf-glob bebo

match server-domain urlf-glob twitter



policy-map type inspect urlfilter allow-blockurl

parameter type urlfpolicy local urlfilterrules

class type urlfilter urlfilterlist



class type urlfilter PermittedSites



policy-map type inspect httpaccesspmap

class type inspect http-allow


class type inspect http-deny


service-policy urlfilter allow-blockurl

class type inspect ip-any


class class-default



zone security inside

zone security outside

zone-pair security inside-to-outside source inside destination outside

service-policy type inspect httpaccesspmap

interface FastEthernet0/0

ip address

zone-member security outside


interface FastEthernet0/1

ip address

zone-member security inside

ip access-list extended NatList

permit ip any

ip access-list extended httpallow

ip access-list extended httpdeny

permit ip any

ip access-list extended test

permit ip any any

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Fri, 08/07/2009 - 05:46

You can use these commands in order to verify your configuration.

show ip urlfilter statistics -Shows information and statistics about the filtering server.

show ip urlfilter cache

show ip urlfilter filter config -Shows the filtering configuration

gadgetjod25 Sun, 08/09/2009 - 17:04

Thanks for the reply. I will give this a go and let you know if it helps me with my problem.

gadgetjod25 Sun, 08/09/2009 - 17:26

Ah I just realised one issue. When I use the allowed group it doesnt use the urfilter yet I have similar issues. Any other ideas at all ?


This Discussion