cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
405
Views
0
Helpful
3
Replies

Url Filtering Problems

gadgetjod25
Level 1
Level 1

Hi,

I have successfully used the local filtering capabilities of the 2811 router to setup a filter to block from different subnets or even within the same subnet depending on IP via the zone inside to outside type of policy.

The issue I am having is that it seems to be not loading some pages correctly.

Has anyone experienced this issue before.

Below is the config I have on the router as a test.

parameter-map type urlfpolicy local urlfilterrules

alert off

allow-mode on

block-page message "URL is blocked by local-filters"

parameter-map type urlf-glob PermittedSites

pattern *

parameter-map type urlf-glob livejournal

pattern livejournal.com

pattern *.livejournal.com

parameter-map type urlf-glob youtube

pattern youtube.com

pattern *.youtube.com

parameter-map type urlf-glob ebay

pattern ebay.com

pattern *.ebay.com

pattern *.ebay.com.*

pattern ebay.com.*

parameter-map type urlf-glob facebook

pattern facebook.com

pattern *.facebook.com

parameter-map type urlf-glob myspace

pattern *.myspace.com

pattern myspace.com

parameter-map type urlf-glob flickr

pattern *.flickr.com

pattern flickr.com

parameter-map type urlf-glob bebo

pattern *.bebo.com

pattern bebo.com

parameter-map type urlf-glob twitter

pattern *.twitter.com

pattern twitter.com

pattern *.twitter.com.au

pattern twitter.com.au

class-map type urlfilter match-any PermittedSites

match server-domain urlf-glob PermittedSites

class-map type inspect match-all http-deny

match protocol http

match access-group name httpdeny

class-map type inspect match-all ip-any

match access-group name test

class-map type inspect match-all http-allow

match protocol http

match access-group name httpallow

class-map type urlfilter match-any urlfilterlist

match server-domain urlf-glob livejournal

match server-domain urlf-glob youtube

match server-domain urlf-glob ebay

match server-domain urlf-glob facebook

match server-domain urlf-glob myspace

match server-domain urlf-glob flickr

match server-domain urlf-glob bebo

match server-domain urlf-glob twitter

!

!

policy-map type inspect urlfilter allow-blockurl

parameter type urlfpolicy local urlfilterrules

class type urlfilter urlfilterlist

reset

log

class type urlfilter PermittedSites

allow

log

policy-map type inspect httpaccesspmap

class type inspect http-allow

inspect

class type inspect http-deny

inspect

service-policy urlfilter allow-blockurl

class type inspect ip-any

inspect

class class-default

drop

!

zone security inside

zone security outside

zone-pair security inside-to-outside source inside destination outside

service-policy type inspect httpaccesspmap

interface FastEthernet0/0

ip address 192.168.50.203 255.255.255.0

zone-member security outside

!

interface FastEthernet0/1

ip address 10.10.10.1 255.255.255.0

zone-member security inside

ip access-list extended NatList

permit ip 10.10.10.0 0.0.0.255 any

ip access-list extended httpallow

ip access-list extended httpdeny

permit ip 10.10.10.0 0.0.0.255 any

ip access-list extended test

permit ip any any

3 Replies 3

Not applicable

You can use these commands in order to verify your configuration.

show ip urlfilter statistics -Shows information and statistics about the filtering server.

show ip urlfilter cache

show ip urlfilter filter config -Shows the filtering configuration

Thanks for the reply. I will give this a go and let you know if it helps me with my problem.

Ah I just realised one issue. When I use the allowed group it doesnt use the urfilter yet I have similar issues. Any other ideas at all ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: