Access List URL Filtering

Rawa Salah · ‎07-29-2013

Hi all

please how can i filter some URL in my MultilayerSwitch Via Access List (ACL) ? and whats the commands......

please guide me

Seb Rupik · ‎07-30-2013

Hi Rawa,

URL filtering is what you're after, but this is only availble on applicances which offer packet inspection allowing you to filter using regular expressions to pick out certain URLs.

The closest you will be able to achieve with a switch is to find the IPs of the URLs you wish to deny access to (I assume that's what you want to do?) and set up an ACL on the switchport connecting to your uplink. The ACL would be created to deny all IP traffic to the hosts you specify.

!

inteface gi1/0/1

desc uplink port

ip access-group urls_I_dont_like in

!

ip access-list ext urls_i_dont_like

deny tcp any host 173.194.34.81 eq www

deny tcp any host 173.194.34.82 eq www

permit tcp any any

!

...this would block HTTP access to the two hosts specified, and allow all other traffic. If you want to block all IP traffic to the hosts use this instead:

deny ip any host 173.194.34.81

cheers,

Seb.

Thiyagu VG · ‎07-30-2013

It depends on, which platform you are going to set it up.

Could you share the platform details and the exact requirement.

Depends on you requirement you can go with URL Filtering or Cisco New Content Filtering.

More info refer: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/prod_qas0900aecd804abb06.html

You can refere few cisco documents to get more details about it.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/filter_f.html

http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/24/software/user/guide/URLftr.html

Thanks,

ThiyaguVG.