Blocking secure sites

jeevan.koganti · ‎11-16-2012

Hi Everyone,

I using 881 cisco router and want to block secure sites. I am using classmap to block sites and accesslist to block secure sites. Now the issue is if i need to block youtube, and if doing tracert the IP of google and youtube is in the same subnet.

If i am blocking that IP, google is also blocking with youtube which i does not want. Plz help me in blocking youtube secure site only.

I am also attaching tracert for both the sites.

Thanks,

SOcchiogrosso · ‎11-16-2012

Easiest thing to do is going to be configure NBAR and do inspection on HTTP packets, looking for the websites you wanting to block

Here is old CBAC example, you can do with zone based firewalls as well.

https://supportforums.cisco.com/docs/DOC-20563

--
CCNP, CCIP, CCDP, CCNA: Security/Wireless
Blog: http://ccie-or-null.net/

-- CCNP, CCIP, CCDP, CCNA: Security/Wireless Blog: http://ccie-or-null.net/

Rick Morris · ‎11-16-2012

This is a link to help you do what you are asking

http://www.techrepublic.com/article/block-access-to-a-web-site-using-the-cisco-ios/6115879

Router(config)# access-list 101 deny tcp any host www.youtube.com eq www 
Router(config)# access-list 101 permit tcp any any eq www

In order to use the URL in the ACL you will need to define a DNS server for the router to use.

Router(config)# ip name-server 4.1.1.1 4.2.2.2 (use whatever DNS servers you have access to)

Then apply the ACL to the interface