how to block youtube & facebook from cisco router ??

Unanswered Question
Oct 30th, 2012

hi ,

im wondering how to block both youtube & facebook

actually i dont knwo which method is perfect ,

block the ips of sites ???

or block the http & https  traffic ====>to youtube & facebook

i have another difficulty  which is, how to know the ips of youtube and  facebook

plz advice abut the best method to  block them

regards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 4.2 (5 ratings)
dominic.caron Tue, 10/30/2012 - 05:50

Hi,

You can block it using IPs with an ACL. Problem is you will have to maintain it.

You can block the url with an ACL  but the router only do the url-to-IP conversion on creation...maintaining this will be a problem.

Best way to go is to use a of web filtering device...

If you have internal DNS servers, would could put fake information in it for facebook.com and youtube.com. User will have to type the real IP in the browser to get to the website.

Ahmed Alzaeem Tue, 10/30/2012 - 05:52

hi , assume i want to block ips

how to know the ip range of youtube & facebook ??

regards

dominic.caron Tue, 10/30/2012 - 06:02

The problem is youtube is mixed up with google...It's realy not a good idea to go with IP. Do you have the license for NBAR on your router, You could try to classify it and then dropping it with MQC. Never did it so I dont know how effective it would be.

Cadet Alain Tue, 10/30/2012 - 06:12

Hi,

do what  ,  the filtering ?

Regards.

Alain

Don't forget to rate helpful posts.

m-mostafa@23 Tue, 10/30/2012 - 06:43

the best way to block youtube and facebook is a class-map and poliy-map

you can block those sites by name www.youtube.com & facebook also any site

Cadet Alain Tue, 10/30/2012 - 06:51

Hi,

unfortunately it won't work for facebook as it is https, I also did the same mistake when answering another thread for url filtering.

Regards.

Alain

Don't forget to rate helpful posts.

Ahmed Alzaeem Tue, 10/30/2012 - 06:59

ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)

BOOTLDR: Cisco IOS Software, 7200 Software (C7200-KBOOT-M), Version 12.4(4)XD, RELEASE SOFTWARE (fc1)

router7200 uptime is 1 week, 2 days, 22 hours, 33 minutes

System returned to ROM by power-on

System restarted at 18:22:37 GMT+3 Sat Oct 20 2012

System image file is "disk2:c7200p-advipservicesk9-mz.124-24.T4.bin"

============================

here is my config :

i read about classmap  can do it ,

but it is only applied to http , not to https !!!!

========================================

agian , i blocked some youtube ips and i faced a slow in youtube and some pages are not being opened

========

does my ios can do  the filtering ??

i dont want to block from dns .

regards

dominic.caron Tue, 10/30/2012 - 07:55

Look at this discussion, your are hitting the same problem and the solution sould be the same.

https://supportforums.cisco.com/thread/2141209

You need a proxy to open up the encrypted data. I've also done it with an IPS by intercepting the certificate itself and droping the connection.

To find all of youtube IPs, you will have to do a lot of query from differents places. They use DNS to do some global load balancing. A few whois query will not do the trick here. Also, be careful with blocking IPs, I've noticed that some youtube traffic originating from caching network like Akamai.

Ahmed Alzaeem Wed, 10/31/2012 - 02:33

hi ,

thanks all for ur reply ,

@dominic ,

i will try to apply the method u suggested

regards

m-mostafa@23 Wed, 10/31/2012 - 04:17

yes you are right about the HTTPS

BUT it is working perfect for any HTTP traffic

Actions

Login or Register to take actions

This Discussion

Posted October 30, 2012 at 5:39 AM
Stats:
Replies:15 Avg. Rating:4.2
Views:3709 Votes:0
Shares:0

Related Content

Discussions Leaderboard

Rank Username Points
1 15,007
2 8,150
3 7,730
4 7,083
5 6,742
Rank Username Points
160
82
70
69
55