blocking URLs using access lists without interference of PIX firewall

I am a network engineer at an ISP. Currently we are running BGP in our networks. I have faced one problem: I want to know how to block URLs using access lists without the interference of a firewall. We do not have any firewall to block those URLs, but I want to use access lists to block those unnecessary URLs, and in turn I can block viruses etc. If anyone knows how to use access lists, or the access list commands which block those URLs, please send those commands to my e-mail ID:

Thanking you sir,


Re: blocking URLs using access lists without interference of pi

You can't really block a URL using an access list. You can block access to the IP address of the device the http server is running on, and thus block access to the web site, but you cannot block access to the web site based on the URL itself. To block access to the site using its IP address, you first have to translate the URL into an IP address. You can do this in one of several ways, such as using a DNS lookup, or tracerouting to the site, etc.

Note that many URLs actually have several IP addresses, rather than one, especially if they are being load balanced, so you may need to block several IP addresses.

Once you have a list of addresses you want to block, just deny them as destinations using an extended access list, and filter the outbound packets from your edge router using this access list.
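The procedure in the reply above, as an added example that is not part of the original thread: it takes the hostname out of each URL, collects every address the name resolves to, and emits the extended access list entries. The hostnames, the addresses in `SAMPLE_DNS` (documentation ranges standing in for a live DNS lookup) and ACL number 101 are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS answers (documentation address ranges), standing in for a
# live lookup so the example runs offline.
SAMPLE_DNS = {
    "www.example.com": ["192.0.2.10", "192.0.2.11", "198.51.100.7"],
    "downloads.example.net": ["198.51.100.7", "203.0.113.20"],
}

def host_of(url):
    """Return the lowercase hostname of a URL; bare hostnames are accepted too."""
    parts = urlsplit(url if "://" in url else "//" + url)
    if not parts.hostname:
        raise ValueError(f"no hostname in {url!r}")
    return parts.hostname.lower()

def resolve_all(urls, lookup):
    """Return the de-duplicated, sorted IPv4 addresses behind a list of URLs."""
    addrs = set()
    for url in urls:
        host = host_of(url)
        answers = lookup(host)
        if not answers:
            raise LookupError(f"{host} did not resolve; nothing to block")
        # A load-balanced name returns several addresses; keep all of them.
        addrs.update(ipaddress.IPv4Address(a) for a in answers)
    return sorted(addrs)

def build_acl(urls, lookup, acl_number=101):
    """Emit extended ACL lines denying each resolved address as a destination."""
    if not (100 <= acl_number <= 199 or 2000 <= acl_number <= 2699):
        raise ValueError("not an extended IP access list number")
    lines = [f"access-list {acl_number} deny ip any host {a}"
             for a in resolve_all(urls, lookup)]
    # Every ACL ends in an implicit deny, so all other traffic needs an
    # explicit permit or the router would drop it as well.
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines

if __name__ == "__main__":
    urls = ["http://www.example.com/games/index.html", "downloads.example.net"]
    print("\n".join(build_acl(urls, lambda h: SAMPLE_DNS.get(h, []))))
```

The generated list is applied outbound on the edge interface with `ip access-group 101 out`. Because the entries match addresses rather than names, every other site hosted on the same addresses is blocked along with the intended one.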


Re: blocking URLs using access lists without interference of pi

Thank you, sir, for your reply. After reading your valuable message I understood that to block URLs one should have a firewall.

Sir, I have one doubt. At Cisco so many experts are doing research to find new things. Why do they not try to find this new thing, that is, blocking URLs by using access lists?

I know that access lists are used to block a particular group of IP addresses. Suppose somebody finds this blocking of URLs by using access lists without the interference of a PIX firewall; then it would be helpful for so many ISPs. I hope that this new technology will come soon.

Thanking you, sir

Re: blocking URLs using access lists without interference of pi

I think the best way to do URL filtering with a PIX is to use a Websense server with it.

If you were just talking about ACLs and *routers*, there is a feature called NBAR that has the ability to inspect far enough into packets to be able to see URLs, and then you can set QoS or ACL policies based on those URLs. I don't think this is meant for large-scale URL filtering though, and it also can be CPU intensive on high-bandwidth links. Here's a URL for one example of using NBAR.