01-03-2007 07:35 AM - edited 03-05-2019 01:34 PM
Hi folks. I am new to Cisco products and there are a few things I am
trying ot configure. I am running a 2821 Router with IOS v 12.4(10a).
I am trying to configure the URL filtering portion of the firewall ACL.
I have configured to deny one site, then I enable the filter and it
shuts down all internet sites. When I disable the URL filtering,
everything works fine again. This looks pretty cut and dry but
apparently it is not. I was also reading that I needed a websense
server to use this feature? Is that correct? Thanks.
07-08-2007 08:59 PM
how can we do it on ASA5520?? as far as i have come to know.. we need a websense server for it..any comments ?
12-16-2007 10:50 PM
yea you can block particular web sites both using any url filtering server like websense or smarfilter both suppoterd on ASA platform or you can block statically using ACL for example for block hotmail.com
access-list acl-in remark Block hotmail.com
access-list acl-in extended deny tcp any 64.4.0.0 255.255.192.0 eq www log
access-list acl-in extended permit ip any any
i am not sure about subnet mask it will in CIDR format 64.4.0.0/18
this acl block whole hotmail.com on asa
regard
06-11-2008 04:10 AM
Hi,
Will this work on an 1811 router with zone based firewall currently in operation?
05-28-2008 12:37 PM
Where do you apply these commands? In global config mode? Within the access list? Any help is appreciated.
06-03-2008 01:31 PM
Kamran.Cisco,
Could you please post a running config where this is configured on an ASA and is working. I am new to the ASA line and need a little guidance. Thank you for your help.
Jason
06-11-2008 04:38 PM
access-list inside_access_out remark Block Hotmail.com
access-list inside_access_out extended deny tcp any 64.4.0.0 255.255.192.0 eq www log
access-list inside_access_out extended permit ip any any
access-group inside_access_out in interface inside
Typically, the Ethernet0/X port on your ASA that is on your PRIVATE network is called inside, or private, etc. Whatever you called it with the nameif syntax. You create an access list, apply it using the access-group command to your inside/private interface.
Make sure you have a 'permit ip any any' at the end, otherwise the explicit deny will block all other traffic not specifically permitted.
06-12-2008 07:26 AM
Got it. So basically this is just blocking the IP. Not actually blocking on the URL name. The remark line is just so you know what the next line of the ACL is blocking. Is there any way to do a re-direct based on a requested IP?
Jason
08-20-2008 05:01 AM
For the 2800 series integrated services routers, is there any way to add a custom error message in the form of an html?
08-18-2020 08:09 AM
HI is it possible to do url filtering with in ISR router 4461 with latest version .Do we need any server to do url fil.tering
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide