cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16832
Views
21
Helpful
15
Replies

how to block youtube & facebook from cisco router ??

Dr.X
Level 2
Level 2

hi ,

im wondering how to block both youtube & facebook

actually i dont knwo which method is perfect ,

block the ips of sites ???

or block the http & https  traffic ====>to youtube & facebook

i have another difficulty  which is, how to know the ips of youtube and  facebook

plz advice abut the best method to  block them

regards

15 Replies 15

dominic.caron
Level 5
Level 5

Hi,

You can block it using IPs with an ACL. Problem is you will have to maintain it.

You can block the url with an ACL  but the router only do the url-to-IP conversion on creation...maintaining this will be a problem.

Best way to go is to use a of web filtering device...

If you have internal DNS servers, would could put fake information in it for facebook.com and youtube.com. User will have to type the real IP in the browser to get to the website.

hi , assume i want to block ips

how to know the ip range of youtube & facebook ??

regards

The problem is youtube is mixed up with google...It's realy not a good idea to go with IP. Do you have the license for NBAR on your router, You could try to classify it and then dropping it with MQC. Never did it so I dont know how effective it would be.

Hi,

http://whois.net/dig-lookup/

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

hi ,

i have router 7206 npeg2   ,

how could i do it ?

Hi,

do what  ,  the filtering ?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Ok, what feature level? IP base, Advance, enterprise....

the best way to block youtube and facebook is a class-map and poliy-map

you can block those sites by name www.youtube.com & facebook also any site

Hi,

unfortunately it won't work for facebook as it is https, I also did the same mistake when answering another thread for url filtering.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)

BOOTLDR: Cisco IOS Software, 7200 Software (C7200-KBOOT-M), Version 12.4(4)XD, RELEASE SOFTWARE (fc1)

router7200 uptime is 1 week, 2 days, 22 hours, 33 minutes

System returned to ROM by power-on

System restarted at 18:22:37 GMT+3 Sat Oct 20 2012

System image file is "disk2:c7200p-advipservicesk9-mz.124-24.T4.bin"

============================

here is my config :

i read about classmap  can do it ,

but it is only applied to http , not to https !!!!

========================================

agian , i blocked some youtube ips and i faced a slow in youtube and some pages are not being opened

========

does my ios can do  the filtering ??

i dont want to block from dns .

regards

Look at this discussion, your are hitting the same problem and the solution sould be the same.

https://supportforums.cisco.com/thread/2141209

You need a proxy to open up the encrypted data. I've also done it with an IPS by intercepting the certificate itself and droping the connection.

To find all of youtube IPs, you will have to do a lot of query from differents places. They use DNS to do some global load balancing. A few whois query will not do the trick here. Also, be careful with blocking IPs, I've noticed that some youtube traffic originating from caching network like Akamai.

Blocking facebook should be easy...here are the IPs

http://whois.arin.net/rest/org/THEFA-3/nets

Be aware that user start using proxy to reach those site. You will have to start blocking those also...It's a non-stop cat and mouse game.

hi ,

thanks all for ur reply ,

@dominic ,

i will try to apply the method u suggested

regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco