11-16-2012 04:13 AM - edited 03-04-2019 06:09 PM
Hi Everyone,
I using 881 cisco router and want to block secure sites. I am using classmap to block sites and accesslist to block secure sites. Now the issue is if i need to block youtube, and if doing tracert the IP of google and youtube is in the same subnet.
If i am blocking that IP, google is also blocking with youtube which i does not want. Plz help me in blocking youtube secure site only.
I am also attaching tracert for both the sites.
Thanks,
11-16-2012 04:22 AM
Easiest thing to do is going to be configure NBAR and do inspection on HTTP packets, looking for the websites you wanting to block
Here is old CBAC example, you can do with zone based firewalls as well.
https://supportforums.cisco.com/docs/DOC-20563
--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/
11-16-2012 06:16 AM
This is a link to help you do what you are asking
http://www.techrepublic.com/article/block-access-to-a-web-site-using-the-cisco-ios/6115879
Router(config)# access-list 101 deny tcp any host www.youtube.com eq www
Router(config)# access-list 101 permit tcp any any eq www
In order to use the URL in the ACL you will need to define a DNS server for the router to use.Router(config)# ip name-server 4.1.1.1 4.2.2.2 (use whatever DNS servers you have access to)
Then apply the ACL to the interface
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide