how to block youtube & facebook from cisco router ??

Dr.X · ‎10-30-2012

hi ,

im wondering how to block both youtube & facebook

actually i dont knwo which method is perfect ,

block the ips of sites ???

or block the http & https traffic ====>to youtube & facebook

i have another difficulty which is, how to know the ips of youtube and facebook

plz advice abut the best method to block them

regards

dominic.caron · ‎10-30-2012

Hi,

You can block it using IPs with an ACL. Problem is you will have to maintain it.

You can block the url with an ACL but the router only do the url-to-IP conversion on creation...maintaining this will be a problem.

Best way to go is to use a of web filtering device...

If you have internal DNS servers, would could put fake information in it for facebook.com and youtube.com. User will have to type the real IP in the browser to get to the website.

Dr.X · ‎10-30-2012

hi , assume i want to block ips

how to know the ip range of youtube & facebook ??

regards

dominic.caron · ‎10-30-2012

The problem is youtube is mixed up with google...It's realy not a good idea to go with IP. Do you have the license for NBAR on your router, You could try to classify it and then dropping it with MQC. Never did it so I dont know how effective it would be.

cadet alain · ‎10-30-2012

Hi,

http://whois.net/dig-lookup/

Regards.

Alain

Don't forget to rate helpful posts.

Dr.X · ‎10-30-2012

hi ,

i have router 7206 npeg2 ,

how could i do it ?

cadet alain · ‎10-30-2012

Hi,

do what , the filtering ?

Regards.

Alain

Don't forget to rate helpful posts.

dominic.caron · ‎10-30-2012

http://ardenpackeer.com/tutorials/security/tutorial-how-to-use-cisco-mqc-nbar-to-filter-websites-like-youtube/

dominic.caron · ‎10-30-2012

Ok, what feature level? IP base, Advance, enterprise....

m-mostafa · ‎10-30-2012

the best way to block youtube and facebook is a class-map and poliy-map

you can block those sites by name www.youtube.com & facebook also any site

cadet alain · ‎10-30-2012

Hi,

unfortunately it won't work for facebook as it is https, I also did the same mistake when answering another thread for url filtering.

Regards.

Alain

Don't forget to rate helpful posts.

Dr.X · ‎10-30-2012

ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)

BOOTLDR: Cisco IOS Software, 7200 Software (C7200-KBOOT-M), Version 12.4(4)XD, RELEASE SOFTWARE (fc1)

router7200 uptime is 1 week, 2 days, 22 hours, 33 minutes

System returned to ROM by power-on

System restarted at 18:22:37 GMT+3 Sat Oct 20 2012

System image file is "disk2:c7200p-advipservicesk9-mz.124-24.T4.bin"

============================

here is my config :

i read about classmap can do it ,

but it is only applied to http , not to https !!!!

========================================

agian , i blocked some youtube ips and i faced a slow in youtube and some pages are not being opened

========

does my ios can do the filtering ??

i dont want to block from dns .

regards

dominic.caron · ‎10-30-2012

Look at this discussion, your are hitting the same problem and the solution sould be the same.

https://supportforums.cisco.com/thread/2141209

You need a proxy to open up the encrypted data. I've also done it with an IPS by intercepting the certificate itself and droping the connection.

To find all of youtube IPs, you will have to do a lot of query from differents places. They use DNS to do some global load balancing. A few whois query will not do the trick here. Also, be careful with blocking IPs, I've noticed that some youtube traffic originating from caching network like Akamai.

dominic.caron · ‎10-30-2012

Blocking facebook should be easy...here are the IPs

http://whois.arin.net/rest/org/THEFA-3/nets

Be aware that user start using proxy to reach those site. You will have to start blocking those also...It's a non-stop cat and mouse game.

Dr.X · ‎10-31-2012

hi ,

thanks all for ur reply ,

@dominic ,

i will try to apply the method u suggested

regards