Blocking URLs using access lists without interference of PIX firewall

satishkumar_m9
Level 1

I am a network engineer in an ISP. Currently we are running BGP in our networks. I faced one problem. I want to know how to block URLs using access lists without interference of a firewall. We have not had any firewall to prevent those URLs, but I want to use access lists to block those unnecessary URLs; in turn I can block viruses etc. If anyone knows how to use access lists, or the access list commands which block those URLs, please send those commands to my e-mail ID: SATJ9@indiatimes.com

Thanking you sir,

3 Replies

ruwhite
Level 7

You can't really block a URL using an access list. You can block access to the IP address of the device the http server is running on, and thus block access to the web site, but you cannot block access to the web site based on the URL itself. To block access to the site using its IP address, you first have to translate the URL into an IP address. You can do this in one of several ways, such as using a DNS lookup, or tracerouting to the site, etc.

Note that many URLs actually have several IP addresses, rather than one, especially if they are being load balanced, so you may need to block several IP addresses.

Once you have a list of addresses you want to block, just deny them as destinations using an extended access list, and filter the outbound packets from your edge router using this access list.

Russ.W
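The procedure described in the reply above (translate the site name into its addresses, then deny them as destinations in an extended access list), as an added example that is not part of the original thread. The host names and addresses are constructed, and the ACL number 101, the remark lines and the function names are assumptions made for illustration.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges), so the example runs offline.
CONSTRUCTED_DNS = {
    "blocked.example": ["192.0.2.10", "192.0.2.11", "192.0.2.10"],
    "mirror.example": ["192.0.2.11", "198.51.100.7"],
}

def constructed_resolver(hostname):
    """Stand-in for DNS that answers from CONSTRUCTED_DNS only."""
    if hostname not in CONSTRUCTED_DNS:
        raise socket.gaierror("no such host (constructed)")
    return CONSTRUCTED_DNS[hostname]

def resolve_ipv4(hostname):
    """Live lookup: every IPv4 address the local resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def build_block_acl(hostnames, acl_number=101, resolver=resolve_ipv4):
    """Return IOS extended access-list lines denying traffic to each site's addresses."""
    if not (100 <= acl_number <= 199 or 2000 <= acl_number <= 2699):
        raise ValueError("extended IP access lists are numbered 100-199 or 2000-2699")
    lines, seen = [], set()
    for name in hostnames:
        try:
            answers = resolver(name)
        except OSError:  # socket.gaierror is a subclass of OSError
            lines.append(f"access-list {acl_number} remark {name}: lookup failed, not blocked")
            continue
        lines.append(f"access-list {acl_number} remark block {name}")
        # A load-balanced site has several addresses; deny each one once.
        for addr in sorted({ipaddress.IPv4Address(a) for a in answers}):
            if addr not in seen:
                seen.add(addr)
                lines.append(f"access-list {acl_number} deny ip any host {addr}")
    # Without this line the implicit "deny any" at the end would drop all other traffic.
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines

if __name__ == "__main__":
    sites = ["blocked.example", "mirror.example", "gone.example"]
    print("\n".join(build_block_acl(sites, resolver=constructed_resolver)))
```

The generated list is applied with `ip access-group 101 out` (or `in`) on the chosen edge interface. An address shared by several sites blocks all of them, and the list goes stale when the site's DNS records change.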

Thanking you sir for your reply. After reading your valuable message I understood that to block URLs one should have a firewall.

Sir, I have one doubt. In Cisco so many experts are doing research to find new things. Why do they not try to find this new thing, that is, blocking URLs by using access lists?

I know that access lists are used to block a particular group of IP addresses. Suppose somebody finds this blocking of URLs by using access lists without interference of a PIX firewall; then it would be helpful for so many ISP providers. I hope that this new technology will come soon.

Thanking you sir

ncarrera
Level 1

I think the best way to do URL filtering with a PIX is to use a Websense server with it.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b32.html

If you were just talking about ACLs and *routers*, there is a feature called NBAR that has the ability to inspect far enough into packets to be able to see URLs, and then you can set QoS or ACL policies based on those URLs. I don't think this is meant for large scale URL filtering though, and it also can be CPU intensive on high bandwidth links. Here's a URL for one example of using NBAR.

http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00800fc176.shtml
