Block certain websites in cisco 877

gridit007 · ‎09-22-2010

Hi,

Wondering if some one can help with the following issue.

Is there a possiblity to block certain websites in Cisco 877w? or to block access to internet for LAN users on certain search keywords such as "holiday deals" etc? If so then can i have some help how to achive it on above mentioned router

best regards

gatlin007 · ‎09-25-2010

I don't know of a router feature that would prevent searches for key words.

However you can build a policy map that evaluates a class map that in turn looks for regular expressions in the http URL and headers. This is highly dependant on the hardware, feature set and IOS version. Use the Cisco feature navigator or contact a sales engineer to see if this would be available for you.

The 'match protocol http' command reference follows:

#########

match protocol http

To configure Network-Based Application Recognition (NBAR) to match HTTP traffic by URL, host, Multipurpose Internet Mail Extension (MIME) type, or fields in HTTP packet headers, use the match protocol http command in class-map configuration mode. To disable NBAR from matching HTTP traffic by URL, host, or MIME type, or fields in HTTP packet headers, use the no form of this command.

Cisco IOS Release 12.4(24)T and Earlier Releases, Cisco IOS Release 12.2(33)SRA, Cisco IOS Release 12.2(14)S and Later Releases

match protocol http [url url-string | host hostname-string | mime MIME-type | c-header-field c-header-field-string | s-header-field s-header-field-string]

no match protocol http [url url-string | host hostname-string | mime MIME-type | c-header-field c-header-field-string | s-header-field s-header-field-string]

Cisco IOS Release 15.1(2)T, Cisco IOS XE Release 3.1S and Later Releases and Catalyst 6500 Series Switch Equipped with the Supervisor 32/PISA Engine

Syntax Description


url	(Optional) Specifies matching by a URL.
url-string	(Optional) User-specified URL of HTTP traffic to be matched.
host	(Optional) Specifies matching by a hostname.
hostname-string	(Optional) User-specified hostname to be matched.
mime	(Optional) Specifies matching by a MIME text string.
MIME-type	(Optional) User-specified MIME text string to be matched.
c-header-field	(Optional) Specifies matching by a string in the header field in HTTP client messages. Note HTTP client messages are often called HTTP request messages.
c-header-field-string	(Optional) User-specified text string within the HTTP client message (HTTP request message) to be matched.
s-header-field	(Optional) Specifies matching by a string in the header field in the HTTP server messages Note HTTP server messages are often called HTTP response messages.
s-header-field-string	(Optional) User-specified text within the HTTP server message (HTTP response message) to be matched.
Cisco IOS 15.1(2)T and Later Releases and Catalyst 6500 Series Switch Equipped with the Supervisor 32/PISA Engine
content-encoding	(Optional) Specifies matching by the encoding mechanism used to package the entity body.
content-encoding-name-string	(Optional) User-specified content-encoding name.
from	(Optional) Specifies matching by the e-mail address of the person controlling the user agent.
from-address-string	(Optional) User-specified e-mail address.
location	(Optional) Specifies matching by the exact location of the resource from request.
location-name-string	(Optional) User-specified location of the resource.
referer	(Optional) Specifies matching by the address from which the resource request was obtained.
referer-address-name-string	(Optional) User-specified address of the referer resource.
server	(Optional) Specifies matching by the software used by the origin server handling the request.
server-software-name-string	(Optional) User-specified software name.
user-agent	(Optional) Specifies matching by the software used by the agent sending the request.
user-agent-software-name-string	(Optional) User-specified name of the software used by the agent sending the request.

Command Default

NBAR does not match HTTP traffic by URL, host, MIME type, or fields in HTTP packet headers.

Command Modes

Class-map configuration (config-cmap)

Command History


Release	Modification
12.0(5)XE2	This command was introduced.
12.1(1)E	This command was integrated into Cisco IOS Release 12.1(1)E.
12.1(2)E	This command was modified to include the hostname-string argument.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.1(13)E	This command became available on Catalyst 6000 family switches without FlexWAN modules.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(17a)SX1	This command was integrated into Cisco IOS Release 12.2(17a)SX1.
12.3(4)T	This command was integrated into Cisco IOS Release 12.3(4)T, and the NBAR Extended Inspection for HTTP Traffic feature was introduced. This feature allows NBAR to scan TCP ports that are not well known and to identify HTTP traffic traversing these ports.
12.4(2)T	The command was integrated into Cisco IOS Release 12.4(2)T and was modified to include the c-header-field c-header-field-string and s-header-field s-header-field-string keywords and arguments.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(18)ZY2	This command was integrated into Cisco IOS Release 12.2(18)ZY2, and support was provided for the Catalyst 6500 series switch that is equipped with the Supervisor 32/PISA engine. Note For this Cisco IOS release and this platform, the c-header-field c-header-field-string and s-header-field s-header-field-string keywords and arguments are not available. To achieve the same functionality, use the individual keywords and arguments as shown in the syntax for the Catalyst 6500 series switch.
15.1(2)T	This command was modified. Support for the c-header-field c-header-field-string and s-header-field s-header-field-string keywords and arguments was removed. The content-encoding, from, location, referrer, and user-agent keywords and respective arguments were added.
Cisco IOS XE Release 3.1S	This command was integrated into Cisco IOS XE Release 3.1S.

Usage Guidelines

Classification of HTTP Traffic by Host, URL, or MIME

In Cisco IOS Release 12.3(4)T, the NBAR Extended Inspection for HTTP Traffic feature was introduced. This feature allows NBAR to scan TCP ports that are not well-known and that identify HTTP traffic traversing these ports. This feature is enabled automatically when a service policy containing the match protocol http command is attached to an interface.

When matching by MIME type, the MIME type can contain any user-specified text string. See the following web page for the IANA-registered MIME types:

http://www.iana.org/assignments/media-types/

When matching by MIME type, NBAR matches a packet containing the MIME type and all subsequent packets until the next HTTP transaction.

When matching by host, NBAR performs a regular expression match on the host field contents inside the HTTP packet and classifies all packets from that host.

HTTP client request matching supports GET, PUT, HEAD, POST, DELETE, OPTIONS, CONNECT, and TRACE. When matching by URL, NBAR recognizes the HTTP packets containing the URL and then matches all packets that are part of the HTTP request. When specifying a URL for classification, include only the portion of the URL that follows the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html with the match statement (for instance, match protocol http url /latest/whatsnew.html).

Note For Cisco IOS Release 12.2(18)ZY2 (and later releases) on the Cisco Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA, up to 56 parameters or subclassifications per protocol per router can be specified with the match protocol http command. These parameters or subclassifications can be a combination of any of the available match choices, such as host matches, MIME matches, server matches, and URL matches. For other Cisco IOS releases and platforms, the maximum is 24 parameters or subclassifications per protocol per router.

To match the www.anydomain.com portion, use the hostname matching feature. The parameter specification strings can take the form of a regular expression with the following options.


Option	Description
*	Match any zero or more characters in this position.
?	Match any one character in this position.
\|	Match one of a choice of characters.
(\|)	Match one of a choice of characters in a range. For example cisco.(gif \| jpg) matches either cisco.gif or cisco.jpg.
[ ]	Match any character in the range specified, or one of the special characters. For example, [0-9] is all of the digits. [] is the "" character and [[] is the "[" character.

Classification of HTTP Header Fields

In Cisco IOS Release 12.3(11)T, NBAR introduced expanded ability for users to classify HTTP traffic using information in the HTTP Header Fields.

HTTP works using a client/server model: HTTP clients open connections by sending a request message to an HTTP server. The HTTP server then returns a response message to the HTTP client (this response message is typically the resource requested in the request message from the HTTP client). After delivering the response, the HTTP server closes the connection and the transaction is complete.

HTTP header fields are used to provide information about HTTP request and response messages. HTTP has numerous header fields. For additional information on HTTP headers, see section 14 of RFC 2616: Hypertext Transfer Protocol—HTTP/1.1. This document can be read at the following URL:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html