https://community.cisco.com/t5/network-security/cisco-2911-ios-fireall-configuration-for-https-trafic-block/m-p/2459754#M268002 <P>Without any additional license or equipment, that's very hard to achieve.</P><P>The best way to solve that problem is to use an ASA-NGFW instead of the IOS-router.</P><P>If you have to stick with the router you could use Cisco Web Security (CWS) formaly known as Scansafe. But that needs also an additional license.</P><P>With only the router you could try some dirty hacks. For example you can deny all unwanted IPs (that of Facebook, Youtube ...) in an ACL. But that is very hard to manage. Or you could control the DNS-communication in a way that your DNS-server return an internal IP of your own webserver for all the unwanted domains.</P><P>&nbsp;</P><P>But all in all, you are using the wrong tool for that problem.</P> Fri, 28 Mar 2014 10:32:23 GMT Karsten Iwen 2014-03-28T10:32:23Z https://community.cisco.com/t5/network-security/cisco-2911-ios-fireall-configuration-for-https-trafic-block/m-p/2459753#M268001 <P>Hi</P><P>&nbsp;</P><P>I am configuring Cisco 2911 Sec-k9 router. i am able to block all the sites but not able to block Https Trafic like Facebook,youtube,some unwanted Sites. how to block them. i tried with key word blocking, but still https Sites are opening.</P><P>and i want give the full internet&nbsp; access to limited&nbsp; people</P><P>Router : Cisco 2911-Seck9 (no aditional licenses)</P><P>&nbsp;</P><P>thanks in advance</P><P>Javahar<BR />&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 12 Mar 2019 04:00:26 GMT https://community.cisco.com/t5/network-security/cisco-2911-ios-fireall-configuration-for-https-trafic-block/m-p/2459753#M268001 rsjavahar 2019-03-12T04:00:26Z https://community.cisco.com/t5/network-security/cisco-2911-ios-fireall-configuration-for-https-trafic-block/m-p/2459754#M268002 <P>Without any additional license or equipment, that's very hard to achieve.</P><P>The best way to solve that problem is to use an ASA-NGFW instead of the IOS-router.</P><P>If you have to stick with the router you could use Cisco Web Security (CWS) formaly known as Scansafe. But that needs also an additional license.</P><P>With only the router you could try some dirty hacks. For example you can deny all unwanted IPs (that of Facebook, Youtube ...) in an ACL. But that is very hard to manage. Or you could control the DNS-communication in a way that your DNS-server return an internal IP of your own webserver for all the unwanted domains.</P><P>&nbsp;</P><P>But all in all, you are using the wrong tool for that problem.</P> Fri, 28 Mar 2014 10:32:23 GMT https://community.cisco.com/t5/network-security/cisco-2911-ios-fireall-configuration-for-https-trafic-block/m-p/2459754#M268002 Karsten Iwen 2014-03-28T10:32:23Z