11-21-2004 09:41 PM - edited 03-02-2019 08:07 PM
I have a reqmt say I need to block my people accessing www.cisco.com. I tried it with class map and Policy map selecting HTTP URL cisco.com and I found the same not working. But with the same config,if I give any specific link in cisco.com say /go/ipj its working fine. Does this means that I can block only the hyper links on the site and not the whole site. Can anyone of u let me know how to block a site.
Thanx in adv
11-22-2004 08:07 AM
Are you using NBAR ?
11-22-2004 08:51 AM
Use NBAR:
Class-map match-any Cisco
match protocol http url "www.cisco.com"
Policy-map Blockcisco
class Cisco
drop
Interface X
service-policy output Blockcisco
Or you could just redirect it in DNS and save yourself the trouble.
Hope this helps.
Dave
11-22-2004 01:00 PM
try changing "url" to "host"
eg
class-map match-any deny_url
match protocol http host "*cisco*"
!
!
policy-map web_traffic
class deny_url
police 8000 1500 1500 conform-action drop exceed-action drop violate-action drop
11-22-2004 09:22 PM
I have tried all options. Used match protocol http host "*cisco*" and still find that am able to open the home page cisco.com and not the hyper links inside it.
But my aim is to block cisco.com itself. Pls let me know ur views.
Thanx in adv.
11-23-2004 02:44 AM
I have tried this config and it blocks traffic to cisco.com
ip cef
!
class-map match-any deny_url
match protocol http host "*cisco*"
!
!
policy-map web_traffic
class deny_url
police 8000 1500 1500 conform-action drop exceed-action drop violate-action drop
interface config
ip nbar protocol-discovery
service-policy output web_traffic
please post your configs
Cheers
02-01-2005 07:31 AM
why don't you try to block his IP ? Use a list which block www.cisco.com IP on port 80
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide