Re: To block a site

forsudhaji · ‎11-21-2004

I have a reqmt say I need to block my people accessing www.cisco.com. I tried it with class map and Policy map selecting HTTP URL cisco.com and I found the same not working. But with the same config,if I give any specific link in cisco.com say /go/ipj its working fine. Does this means that I can block only the hyper links on the site and not the whole site. Can anyone of u let me know how to block a site.

Thanx in adv

thisisshanky · ‎11-22-2004

Are you using NBAR ?

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

peterson.dave · ‎11-22-2004

Use NBAR:

Class-map match-any Cisco

match protocol http url "www.cisco.com"

Policy-map Blockcisco

class Cisco

drop

Interface X

service-policy output Blockcisco

Or you could just redirect it in DNS and save yourself the trouble.

Hope this helps.

Dave

tomanderin · ‎11-22-2004

try changing "url" to "host"

eg

class-map match-any deny_url

match protocol http host "*cisco*"

!

policy-map web_traffic

class deny_url

police 8000 1500 1500 conform-action drop exceed-action drop violate-action drop

forsudhaji · ‎11-22-2004

I have tried all options. Used match protocol http host "*cisco*" and still find that am able to open the home page cisco.com and not the hyper links inside it.

But my aim is to block cisco.com itself. Pls let me know ur views.

Thanx in adv.

tomanderin · ‎11-23-2004

I have tried this config and it blocks traffic to cisco.com

ip cef

!

class-map match-any deny_url

match protocol http host "*cisco*"

!

policy-map web_traffic

class deny_url

police 8000 1500 1500 conform-action drop exceed-action drop violate-action drop

interface config

ip nbar protocol-discovery

service-policy output web_traffic

please post your configs

Cheers

vlad.dercaci · ‎02-01-2005

why don't you try to block his IP ? Use a list which block www.cisco.com IP on port 80