
URL Filtering

kaushal.pawan
Level 1

Dear all,

I have a Cisco 2900 series router and want to block https://facebook.com, porn sites, and mp3, mp4.

I have created the class map match protocol http url *facebook.com*, *porn* and applied it to the LAN interface, but it is not blocking Facebook as the URL is https, and if I use secure-http it will block all traffic to secure sites like Yahoo, Gmail, etc.

Can anybody help me?


Richard Burts
Hall of Fame

I am not sure that the 2900 can do the filtering that you want to do. To do the filtering that you describe you need deeper inspection of the packet. Probably something like the WSA or an ASA with FirePower would be able to do this kind of inspection.

HTH

Rick

Hello,

the class map below matches the URL as well as HTTPS; you need one class map for each URL, since you cannot specify which secure http host you want to block. So by matching 'all', the URL should, in theory, be blocked, and everything else HTTPS should be allowed.

class-map match-all FACEBOOOK
 match protocol http host "www.facebook.com"
 match protocol secure-http

Joseph W. Doherty
Hall of Fame

For Facebook, perhaps a variation of what Gpauwen posted.  For Facebook's https traffic, you could match that and Facebook's IP(s) (or if you want to just block any Facebook traffic, just match its IP[s] - https won't mask that).  (Maintaining Facebook IP[s] is a bother, but don't see how you're going to "see" into a https packet unless you have a device that spoofs the client side [assuming client side doesn't also authenticate itself].)
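
Added example (not posted by any participant in this thread): a small generator for the address-based approach described in the last reply, which also eases the upkeep of the address list. The prefixes are RFC 5737 documentation ranges standing in for the site's real addresses, the group, ACL and interface names are hypothetical, and it assumes an IOS release that supports object groups in ACLs.

```python
import ipaddress

# Constructed sample input: RFC 5737 documentation prefixes used as
# placeholders; the thread does not list the site's real address ranges.
SAMPLE_PREFIXES = [
    "192.0.2.0/25",
    "192.0.2.128/25",    # adjacent to the line above, collapses to one /24
    "198.51.100.0/24",
    "203.0.113.7/32",    # single host
]


def build_block_config(prefixes, https_only=True,
                       group="BLOCKED-SITE-NETS",        # hypothetical name
                       acl="LAN-IN",                     # hypothetical name
                       interface="GigabitEthernet0/1"):  # assumed LAN port
    """Return IOS config lines that drop traffic to the given IPv4 prefixes.

    https_only=True  -> deny only TCP/443 to those addresses
    https_only=False -> deny all IP traffic to those addresses
    """
    # IPv4Network raises ValueError on IPv6 input or when host bits are set,
    # so a mistyped prefix is rejected instead of silently widened.
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    lines = [f"object-group network {group}"]
    # collapse_addresses merges adjacent/overlapping prefixes and sorts them.
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen == 32:
            lines.append(f" host {net.network_address}")
        else:
            lines.append(f" {net.network_address} {net.netmask}")
    lines.append(f"ip access-list extended {acl}")
    if https_only:
        lines.append(f" deny tcp any object-group {group} eq 443")
    else:
        lines.append(f" deny ip any object-group {group}")
    # Everything not aimed at the listed addresses stays reachable.
    lines.append(" permit ip any any")
    lines.append(f"interface {interface}")
    lines.append(f" ip access-group {acl} in")
    return lines


if __name__ == "__main__":
    print("\n".join(build_block_config(SAMPLE_PREFIXES)))
```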