im wondering how to block both youtube & facebook
actually i dont knwo which method is perfect ,
block the ips of sites ???
or block the http & https traffic ====>to youtube & facebook
i have another difficulty which is, how to know the ips of youtube and facebook
plz advice abut the best method to block them
You can block it using IPs with an ACL. Problem is you will have to maintain it.
You can block the url with an ACL but the router only do the url-to-IP conversion on creation...maintaining this will be a problem.
Best way to go is to use a of web filtering device...
If you have internal DNS servers, would could put fake information in it for facebook.com and youtube.com. User will have to type the real IP in the browser to get to the website.
The problem is youtube is mixed up with google...It's realy not a good idea to go with IP. Do you have the license for NBAR on your router, You could try to classify it and then dropping it with MQC. Never did it so I dont know how effective it would be.
the best way to block youtube and facebook is a class-map and poliy-map
you can block those sites by name www.youtube.com & facebook also any site
unfortunately it won't work for facebook as it is https, I also did the same mistake when answering another thread for url filtering.
Don't forget to rate helpful posts.
ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, 7200 Software (C7200-KBOOT-M), Version 12.4(4)XD, RELEASE SOFTWARE (fc1)
router7200 uptime is 1 week, 2 days, 22 hours, 33 minutes
System returned to ROM by power-on
System restarted at 18:22:37 GMT+3 Sat Oct 20 2012
System image file is "disk2:c7200p-advipservicesk9-mz.124-24.T4.bin"
here is my config :
i read about classmap can do it ,
but it is only applied to http , not to https !!!!
agian , i blocked some youtube ips and i faced a slow in youtube and some pages are not being opened
does my ios can do the filtering ??
i dont want to block from dns .
Look at this discussion, your are hitting the same problem and the solution sould be the same.
You need a proxy to open up the encrypted data. I've also done it with an IPS by intercepting the certificate itself and droping the connection.
To find all of youtube IPs, you will have to do a lot of query from differents places. They use DNS to do some global load balancing. A few whois query will not do the trick here. Also, be careful with blocking IPs, I've noticed that some youtube traffic originating from caching network like Akamai.
Blocking facebook should be easy...here are the IPs
Be aware that user start using proxy to reach those site. You will have to start blocking those also...It's a non-stop cat and mouse game.