blocking www.blocksite.com

alaeldien
Level 1

Hello

I'm asked by our manager to block a specific site, let us assume http://www.block.com. As normal, I logged into the router and started with these 3 lines

access-list 110 deny tcp any host http://www.block.com eq www

(for other sites to be accessible)

access-list 110 permit tcp any any eq www

**********

on the interface facing the ISP

ip access-group 110 out

It successfully blocks http://www.block.com and, accordingly, all other sites on the web.

What could be wrong? Please, I need advice.

Thank you.

6 Replies

aneesh.ts
Level 1

I think you should mention permit ip any any as the second line instead of tcp any any

access-list 110 permit ip any any

Because the command you gave will only permit TCP traffic, but block the rest.

Try it and let me know whether it worked.

Also try the IP address instead of the URL.

access-list 110 deny tcp any host http://www.block.com eq www

Instead of this, try

access-list 110 deny tcp any host eq www

Do an nslookup http://www.block.com in your command prompt to resolve the URL, since the router would not be able to resolve your DNS name to an IP address (not sure). Kindly find the nslookup output I am getting from my command prompt.

P:\>nslookup http://www.block.com

Server:

Address: 192.168.134.39

DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

*** Request to timed-out

P:\>nslookup block.com

Server:

Address: 192.168.134.39

Non-authoritative answer:

Name: block.com

Address: 65.220.68.100

I am unable to resolve http://www.block.com, but able to resolve block.com.

Not sure whether you have mentioned the correct URL to be blocked. I guess you have masked the URL.
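
Added example (not part of the original thread): a small Python model of first-match ACL evaluation with the implicit deny, comparing the list as posted with the `permit ip any any` variant suggested in this reply. The client, resolver and other-site addresses are constructed, and it assumes LAN hosts reach a DNS resolver through the same outbound interface; 65.220.68.100 is the nslookup result quoted above.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
BLOCKED = ip_network("65.220.68.100/32")  # block.com per the nslookup above

# Entry: (action, protocol, source, destination, destination port or None)
ACL_AS_POSTED = [
    ("deny", "tcp", ANY, BLOCKED, 80),    # deny tcp any host <ip> eq www
    ("permit", "tcp", ANY, ANY, 80),      # permit tcp any any eq www
]
ACL_AS_SUGGESTED = [
    ("deny", "tcp", ANY, BLOCKED, 80),
    ("permit", "ip", ANY, ANY, None),     # permit ip any any
]

# Constructed sample traffic: (label, protocol, source, destination, dport)
CLIENT = "192.168.134.50"                 # hypothetical LAN host
PACKETS = [
    ("dns query", "udp", CLIENT, "192.0.2.53", 53),  # assumed external resolver
    ("http to blocked site", "tcp", CLIENT, "65.220.68.100", 80),
    ("http to other site", "tcp", CLIENT, "198.51.100.10", 80),
    ("https to other site", "tcp", CLIENT, "198.51.100.10", 443),
]

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry, top to bottom."""
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if ip_address(src) not in a_src or ip_address(dst) not in a_dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # implicit "deny ip any any" at the end of every list

def verdicts(acl):
    """Map each sample packet label to the ACL's decision."""
    return {label: evaluate(acl, p, s, d, port) for label, p, s, d, port in PACKETS}

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("as suggested", ACL_AS_SUGGESTED)):
        print(name)
        for label, action in verdicts(acl).items():
            print(f"  {label:22} {action}")
```

With the list as posted, the DNS query and the HTTPS connection fall through to the implicit deny, so name lookups crossing that interface fail even though port 80 to other sites is permitted.
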

Rupesh Kashyap
Level 1

Go for the IP address, not the URL.

Hello

Thank you for your quick reply.

It is not a matter of choosing between IP or URL, because the name server configured in the router can resolve the URL to an IP address. The most important thing is why it blocks all other sites, in spite of

access-list 110 permit ip any any

and

access-list 110 permit tcp any any eq www

Either of those 2 lines must allow other sites to be accessible.

OK, to be more clear: I am configuring the router with PPPoE, which negotiates the IP address through IPCP, and it uses a virtual dialer for negotiation. Do you think that, because of that, I need to apply the ACL to the physically connected interface?

Thank you.

Hello

I need someone, please, to refine the case and suggest to me the interface that the ACL must be applied to, assuming the 1841 router has only 2 FastEthernet switch

int ethernet 0/0 facing local lan

int ethernet 0/1 facing ISP

Please advise.

shanbhag
Level 1

Either way should be fine.
