Seb Rupik Tue, 07/30/2013 - 01:47

Hi Rawa,

URL filtering is what you're after, but this is only available on appliances which offer packet inspection, allowing you to filter using regular expressions to pick out certain URLs.


The closest you will be able to achieve with a switch is to find the IPs of the URLs you wish to deny access to (I assume that's what you want to do?) and set up an ACL on the switchport connecting to your uplink. The ACL would be created to deny all IP traffic to the hosts you specify.


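!
interface gi1/0/1
 desc uplink port
 ip access-group urls_i_dont_like in
!
ip access-list ext urls_i_dont_like
 ! ACL names are case-sensitive, so this name must match the access-group line exactly
 deny tcp any host 173.194.34.81 eq www
 deny tcp any host 173.194.34.82 eq www
 ! permit ip rather than permit tcp, so non-TCP traffic is not dropped by the implicit deny
 permit ip any any
!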


...this would block HTTP access to the two hosts specified, and allow all other traffic. If you want to block all IP traffic to the hosts use this instead:


deny ip any host 173.194.34.81



cheers,

Seb.
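
An added example, not part of the original posts: a minimal first-match evaluator for extended-ACL entries of the form used in the reply above, to check which flows such a list stops and which it lets through. The parser handles only `any` sources and `any`/`host` destinations, the two lists are constructed from the post's host addresses, and the 192.0.2.x test flows are constructed.

```python
import ipaddress

PORT_NAMES = {"www": 80}  # IOS port keyword used in the post

def parse_ace(line):
    """Parse '<action> <proto> any {any | host <ip>} [eq <port>]'."""
    tok = line.split()
    action, proto, src, rest = tok[0], tok[1], tok[2], tok[3:]
    if action not in ("permit", "deny") or src != "any":
        raise ValueError(f"unsupported entry: {line!r}")
    if rest[0] == "any":
        dst, rest = None, rest[1:]
    elif rest[0] == "host":
        dst, rest = ipaddress.ip_address(rest[1]), rest[2:]
    else:
        raise ValueError(f"unsupported destination: {line!r}")
    port = None
    if rest:
        if rest[0] != "eq":
            raise ValueError(f"unsupported operator: {line!r}")
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return action, proto, dst, port

def evaluate(acl, proto, dst_ip, dst_port=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    dst_ip = ipaddress.ip_address(dst_ip)
    for line in acl:
        action, ace_proto, ace_dst, ace_port = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if ace_dst is not None and ace_dst != dst_ip:
            continue
        if ace_port is not None and ace_port != dst_port:
            continue
        return action
    return "deny"  # every IOS ACL ends with an implicit 'deny ip any any'

# Constructed lists modelled on the post's entries (same two host addresses).
HTTP_ONLY = ["deny tcp any host 173.194.34.81 eq www",
             "deny tcp any host 173.194.34.82 eq www",
             "permit tcp any any"]
ALL_IP = ["deny ip any host 173.194.34.81",
          "deny ip any host 173.194.34.82",
          "permit ip any any"]
# Constructed test flows; 192.0.2.x are documentation addresses.
FLOWS = [("tcp", "173.194.34.81", 80), ("tcp", "173.194.34.81", 443),
         ("tcp", "192.0.2.10", 80), ("udp", "192.0.2.53", 53)]

if __name__ == "__main__":
    for name, acl in (("HTTP_ONLY", HTTP_ONLY), ("ALL_IP", ALL_IP)):
        for flow in FLOWS:
            print(name, flow, evaluate(acl, *flow))
```

With the HTTP-only list, TCP/443 to a listed host and TCP/80 to any unlisted address are permitted, while the UDP flow falls through to the implicit deny because the final entry permits only TCP.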

Thiyagu VG Tue, 07/30/2013 - 01:49

It depends on which platform you are going to set it up on.

Could you share the platform details and the exact requirement?


Depending on your requirement, you can go with URL Filtering or Cisco New Content Filtering.


For more info, refer to: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/prod_qas0900aecd804abb06.html


You can refer to a few Cisco documents to get more details about it.


http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/filter_f.html


http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/24/software/user/guide/URLftr.html


Thanks,

ThiyaguVG.
