Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

blocking www.blocksite.com

Hello

i'm asked by our Manager to block specific site let us asume http://www.block.com, as normal i logged into the router and start with these 3 lines

access-list 110 deny tcp any host http://www.block.com eq www

(for other site to be accessable)

access-list 110 permit tcp any any eq www

**********

in the interface that facing the ISP

ip access-group 110 out

it's successfully block http://www.block.com and accordingly all other sites in the web.

what could be wrong, please i need advice.

thank you.

6 REPLIES
New Member

Re: blocking www.blocksite.com

i think you should mention permit ip any any as the second line insted of tcp any any

access-list 110 permit ip any any

Because the command you gave will only permit TCP traffic, but block rest.

try and lemme know whether it worked.

New Member

Re: blocking www.blocksite.com

Also try the ip address insted of the URL.

access-list 110 deny tcp any host http://www.block.com eq www

Insted of this try

access-list 110 deny tcp any host eq www

do an nslookup http://www.block.com in your command prompt to resolve the URL. Since router would not be able to resolve your DNS name to ip address(Not sure). Kindly find the nslookup am getting from my command prompt.

P:\>nslookup http://www.block.com

Server:

Address: 192.168.134.39

DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

*** Request to timed-out

P:\>nslookup block.com

Server:

Address: 192.168.134.39

Non-authoritative answer:

Name: block.com

Address: 65.220.68.100

I am unable to resolve http://www.block.com, but able to resolve block.com.

Not sure whether you have mentioned the correct URL to be blocked. I guess you have masked the URL

New Member

Re: blocking www.blocksite.com

GO for IP address not for URL

New Member

Re: blocking www.blocksite.com

Hello

thank you for your quick reply

it is not the matter to choose between ip or url, because of name server being configured in the router can resolve url to ip address. the most important thing is that why i blocks all other site, inspite of

access-list 110 permit ip any any

and

access-list 110 permit tcp any any eq www

either of those 2 lines must allow other sites to be access able.

ok for being more clear i configuring the router with PPPoE that negotiate id address through ipcp and it is used virtual dialer for negotiation, do you think because of that, do i need to apply the ACL to physically connected interface?

thank you

thank

New Member

Re: blocking www.blocksite.com

Hello

i need someone please to refine the case and suggest to me interface that must the ACL applied to, assuming the 1841 router having only 2 fastethernet switch

int ethernet 0/0 facing local lan

int ethernet 0/1 facing ISP

please advice

Cisco Employee

Re: blocking www.blocksite.com

Either way should be fine.

821
Views
0
Helpful
6
Replies