Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP UrlFiltering Question

Is there a way to display a web page that states that the url was blocked by the corporate policy instead of the You are not Authorized. We would like to make sure the users are clear on why there were not able to access the specific website. This a 2800 series ISR using a local url site list.

Thanks,

Joe

5 REPLIES
New Member

Re: IP UrlFiltering Question

The user provisions URL filtering on the ISR by selecting categories of websites to be permitted or blocked. An external server, maintained by a 3rd party, will be used to check for URLs in each category. Permit and deny policies are maintained on the ISR. The service is subscription based, and the URLs in each category are maintained by the 3rd party vendor.

Refer the url below for more information on URL filtering:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_url_filtering.html

New Member

Re: IP UrlFiltering Question

Per the orinal post "This a 2800 series ISR using a local url site list."

We are defining specific sites,facebook.com and so forth...we would like to determine if there is way we can return a banner or web page from the ISR that states that they were blocked...their is no 3rd party external server involved. We are currently able to block the sites but it returns a default "You are not Authorized Page"..we would like to return a page explaining that this was blocked due to company policy.

Thanks,

Joe

Gold

Re: IP UrlFiltering Question

Perhaps you already know this, but FWIW you won't be able to stop users from hitting https://www.facebook.com unless you block the IP address. The same would apply for any URL you're trying to block.

Cisco Employee

Re: IP UrlFiltering Question

Joe,

I haven't tested in the lab but hopefully you will find the below information useful.

Parameter-Map Command: parameter-map type urlfpolicy trend

Block-page {[message ] | [redirect-url ]}: Use this command to customize the information displayed when a URL is blocked by the firewall. The default for this value [[ok? otherwise pls put another noun]] is a preconfigured string, which simply indicates that the user is not authorized to access the URL.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/white_paper_c89-492776.html

Just CLI Commands from a Lab Chassis.

2821(config)#parameter-map type urlfpolicy local TEST

2821(config-profile)#block-page message WE-ARE-MONITORING-YOU-HAHAHA

Regards,

Arul

** Please rate all helpful posts **

New Member

Re: IP UrlFiltering Question

Thanks for the post...I tried the commands and they didn't take...block-page is not valid...

here is how the config looks for the block pages...:

ip urlfilter allow-mode on

ip urlfilter exclusive-domain deny .com.br

ip urlfilter exclusive-domain deny .thenoobcomic.com

ip urlfilter exclusive-domain deny .snapfish.com

ip urlfilter exclusive-domain deny .blog.wired.com

ip urlfilter exclusive-domain deny .jibjab.com

ip urlfilter exclusive-domain deny .eyewonder.com......

I have looked and can't find the block-page command...any suggestions...

Thanks,

Joe

270
Views
5
Helpful
5
Replies