08-02-2009 04:14 PM - edited 03-04-2019 05:37 AM
Hi,
I have successfully used the local filtering capabilities of the 2811 router to set up a filter to block from different subnets or even within the same subnet depending on IP via the zone inside to outside type of policy.
The issue I am having is that it seems to be not loading some pages correctly.
Has anyone experienced this issue before?
Below is the config I have on the router as a test.
parameter-map type urlfpolicy local urlfilterrules
 alert off
 allow-mode on
 block-page message "URL is blocked by local-filters"
parameter-map type urlf-glob PermittedSites
 pattern *
parameter-map type urlf-glob livejournal
 pattern livejournal.com
 pattern *.livejournal.com
parameter-map type urlf-glob youtube
 pattern youtube.com
 pattern *.youtube.com
parameter-map type urlf-glob ebay
 pattern ebay.com
 pattern *.ebay.com
 pattern *.ebay.com.*
 pattern ebay.com.*
parameter-map type urlf-glob facebook
 pattern facebook.com
 pattern *.facebook.com
parameter-map type urlf-glob myspace
 pattern *.myspace.com
 pattern myspace.com
parameter-map type urlf-glob flickr
 pattern *.flickr.com
 pattern flickr.com
parameter-map type urlf-glob bebo
 pattern *.bebo.com
 pattern bebo.com
parameter-map type urlf-glob twitter
 pattern *.twitter.com
 pattern twitter.com
 pattern *.twitter.com.au
 pattern twitter.com.au
class-map type urlfilter match-any PermittedSites
 match server-domain urlf-glob PermittedSites
class-map type inspect match-all http-deny
 match protocol http
 match access-group name httpdeny
class-map type inspect match-all ip-any
 match access-group name test
class-map type inspect match-all http-allow
 match protocol http
 match access-group name httpallow
class-map type urlfilter match-any urlfilterlist
 match server-domain urlf-glob livejournal
 match server-domain urlf-glob youtube
 match server-domain urlf-glob ebay
 match server-domain urlf-glob facebook
 match server-domain urlf-glob myspace
 match server-domain urlf-glob flickr
 match server-domain urlf-glob bebo
 match server-domain urlf-glob twitter
!
!
policy-map type inspect urlfilter allow-blockurl
 parameter type urlfpolicy local urlfilterrules
 class type urlfilter urlfilterlist
  reset
  log
 class type urlfilter PermittedSites
  allow
  log
policy-map type inspect httpaccesspmap
 class type inspect http-allow
  inspect
 class type inspect http-deny
  inspect
  service-policy urlfilter allow-blockurl
 class type inspect ip-any
  inspect
 class class-default
  drop
!
zone security inside
zone security outside
zone-pair security inside-to-outside source inside destination outside
 service-policy type inspect httpaccesspmap
interface FastEthernet0/0
 ip address 192.168.50.203 255.255.255.0
 zone-member security outside
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 zone-member security inside
ip access-list extended NatList
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended httpallow
ip access-list extended httpdeny
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended test
 permit ip any any
08-07-2009 05:46 AM
You can use these commands in order to verify your configuration.
show ip urlfilter statistics - Shows information and statistics about the filtering server.
show ip urlfilter cache
show ip urlfilter filter config - Shows the filtering configuration.
08-09-2009 05:04 PM
Thanks for the reply. I will give this a go and let you know if it helps me with my problem.
08-09-2009 05:26 PM
Ah, I just realised one issue. When I use the allowed group it doesn't use the urlfilter, yet I have similar issues. Any other ideas at all?