Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

block by domain name via GUI?

Hi guys - duh question.

Trying to block in and out traffic from a domain (super-servers.net, actually.) Want to do it by domain as opposed to IP, under the assumption that these boneheads will shift IP addys frequently.

Went into the ASDM, went to add rule, but it'll only let me do a rule via IP or via interface.

So how do I block a domain?

-jimr

c1001ess n00b

1 REPLY
Gold

Re: block by domain name via GUI?

you need a 3rd party URL filter software app. NH2 or websense.

or if you have an IOS router in place, you can use policy-maps. there might be other ways, but I don't know them.

class-map match-any url-block

description TEST FOR URL FILTERING

match protocol http host "*super-servers.net"

!

policy-map url-filter

class url-block

set ip dscp 1

!

Then create (or add an entry) an ACL to deny any any dscp 1.

apply the ACL, apply the policy map.

http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml

108
Views
0
Helpful
1
Replies