04-19-2013 02:58 AM - edited 03-10-2019 05:56 AM
Hello,
I have a Cisco 2921 router with an intrusion prevention license installed. I want to ask if there is a way in the signatures database to block users from accessing specific websites like Facebook, Yahoo, etc., or is the only way this can happen by using access-lists?
Thank you.
05-01-2013 07:23 PM
Hello,
Neither the IPS nor the ACLs are meant to block Websites.
Web pages like Facebook and Yahoo use HTTPS, which is encrypted and can't be inspected by these features.
You can block by IP address, but this is not a robust solution and can take a long time and a lot of configuration, since a single site can have many IP addresses.
You can also use regex on the router, but you will have the same issue with HTTPS; only HTTP can be blocked.
A better solution will be Websense.
Regards,
Felipe.
05-01-2013 07:35 PM
Felipe's reply is correct. However, if you do want to write an IPS signature to block a website you can use the following guide to do so:
-Blocking HTTP Websites
http://www.cisco.com/web/about/security/intelligence/ips_sig_quick_ref.html#4
05-01-2013 09:32 PM
Palo Alto can decrypt and inspect HTTPS.