
Creating Whitelist for specific URLs Blocking ALL others

httptrashcan
Level 1

Hi All. I have a Cisco 1711 router that I need to create a whitelist on. I need to be able to allow hundreds of allowed websites and block ALL others.

I have no problem creating the allowed website list. My question is: how do I block ALL other websites?

My other question is: how many websites is it possible to allow? 100? 1000? Is the amount I can allow or permit based on the router's memory?

Any help in this matter is greatly appreciated.

5 Replies

joseph.derrick
Level 1

Hi,

Routers do not know the actual payload of data. What a router basically does is route packets without having an interest in what data it is.

Though it's possible to create access lists on the router to do this (packet filter), the time will come when you will encounter problems with sites that often change IP addresses/ports.

My suggestion is to create an access list to intercept all packets destined to port 80 (HTTP) and redirect them to a proxy server. The proxy server will check whether the site is allowed or not.

I have tried setting this up on the following setup:

Operating System: Linux/Any NIX based system

Proxy Software: Squid

Filtering (blacklisting/whitelisting/graylisting): Dansguardian

Please rate if it helps.

Thanks,

Joseph Derrick

httptrashcan
Level 1

I will respond to my own inquiry since I have found the answers.

You can block ALL websites by using the wildcard *.*.*

I did this through the Security Device Manager. You can also use the SDM to import and export URL lists.

Cisco IOS URL Filtering supports up to 256 static URLs.

You can find a wealth of information about Cisco IOS Filtering on the Cisco website:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6643/prod_white_paper0900aecd804abb11.html

httptrashcan
Level 1

I would also like to ask another question for those who may know the answer.

I am able to whitelist websites for all computers on the network but I need to be able to exclude specific computers from the whitelist and I am not sure how to do this.

Right now I have the whitelist set up to inspect all traffic coming into vlan1.

    interface vlan1
     ip address 106.0.0.1 255.255.255.0
     ip inspect myiosurlfilter in

I need to be able to exclude at least 1 to 3 IP addresses from being whitelisted.

Thanks in Advance for any help.

Anyone know the answer to this?

Would a VLAN solve this issue? Would it be possible for me to divide the 4-port switch into 2 VLANs: a VLAN for filtered traffic and a VLAN for unfiltered traffic? If this sounds feasible, can anyone show me how to set it up properly? I would need both VLANs to be on the same network so they could communicate with each other. Just trying to find a solution here but I'm not too experienced. Hoping someone can help me out.
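Added example (not part of any post in this thread, and not Cisco, Squid or Dansguardian code): the default-deny decision a filtering proxy makes per request, including the per-client exemption asked about above and a check against the 256-entry figure quoted in the thread. Assumptions: a listed domain also covers its subdomains, the sample domains are constructed, and `106.0.0.10` is a hypothetical exempt host on the thread's 106.0.0.0/24 network.

```python
import ipaddress
from urllib.parse import urlsplit

IOS_STATIC_URL_LIMIT = 256  # figure quoted in the thread for Cisco IOS URL Filtering


def normalize_domain(name):
    """Lower-case a domain and drop leading/trailing dots and whitespace."""
    return name.strip().lower().strip(".")


def load_allowlist(lines):
    """Parse one domain per line; blank lines and '#' comments are skipped."""
    domains = set()
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            domains.add(normalize_domain(entry))
    return domains


def host_allowed(host, allowlist):
    """True if host equals a listed domain or is a subdomain of one (assumed policy)."""
    labels = normalize_domain(host).split(".")
    # Compare whole labels so 'notexample.com' never matches 'example.com'.
    return any(".".join(labels[i:]) in allowlist for i in range(len(labels)))


def decide(client_ip, url, allowlist, exempt_clients=()):
    """Return 'allow' or 'deny' for one request; anything unlisted is denied."""
    client = ipaddress.ip_address(client_ip)
    if any(client in ipaddress.ip_network(net) for net in exempt_clients):
        return "allow"  # exempt hosts bypass the list entirely
    host = urlsplit(url).hostname  # the real host: userinfo and port are excluded
    if host and host_allowed(host, allowlist):
        return "allow"
    return "deny"  # default deny plays the role of the catch-all block entry


def fits_ios_static_list(allowlist):
    """Whether the list is within the static URL count quoted in the thread."""
    return len(allowlist) <= IOS_STATIC_URL_LIMIT


# Constructed sample data; only the 106.0.0.0/24 addressing comes from the thread.
SAMPLE_LIST = ["example.com", "Intranet.Example.org.  # internal portal", ""]
ALLOWLIST = load_allowlist(SAMPLE_LIST)
EXEMPT = ["106.0.0.10/32"]  # hypothetical exempt workstation
```

A list that fails `fits_ios_static_list` is the case where the proxy approach from the first reply is the one that still applies.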
