Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1794
Views
0
Helpful
16
Replies

HOW to block websites

Go to solution
WEERAKOO69BA
Level 1
Level 1

‎10-25-2013 01:03 AM - edited ‎03-11-2019 07:56 PM

Dear  all,

I am using 1841 router(Version 12.4(13r)T) and configured as a ZBF as follwos,as you all have told me.My idea is to block unwanted sites like facebook.This router is not yet connected.

Current configuration : 1076 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
dot11 syslog
ip cef
!
!
!
!
!
multilink bundle-name authenticated
parameter-map type regex DENY_SITES
pattern .*facebook.com

!
!
!
!
archive
log config
  hidekeys
!
!
!
!
!
class-map type inspect http match-all CLASS_DENY_SITES
match  request header host regex DENY_SITES
!
!
policy-map type inspect http POLICY_DENY_SITES
class type inspect http CLASS_DENY_SITES
  reset
class class-default
!
zone security INSIDE
zone security OUTSIDE
zone-pair security IN_OUT source INSIDE destination OUTSIDE
!
!
!
interface FastEthernet0/0
no ip address
zone-member security INSIDE
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
zone-member security OUTSIDE
duplex auto
speed auto
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!

But when I try to apply policy on zoon-pair,I am getting the following error.

Router(config-sec-zone-pair)#service-policy type inspect POLICY_DENY_SITES

Inspect service-policy attachment failed

Why it is not allow to apply policies.Pls help me at your earliest....

Thank you

Labels:
0 Helpful
16 Replies 16

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to WEERAKOO69BA

‎10-27-2013 12:12 PM

Hello,

You got it

If you try to match an HTTP header host then you will block the traffic only if you are able to see what it says on that field

Http yes, u should

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
ErnestoJuarez
Level 1
Level 1
In response to WEERAKOO69BA

‎12-23-2022 02:13 AM

Thank you verymuch

I will also apply this and check so i can block unwanted sites in same manner

Eric
CCNA Specialist

Ernesto - Certified Cisco Specialist.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card