URL Filtering should be done

piyush.dhupia · ‎03-20-2015

Having 3750,3560 switch , which configured as L2 and connected thru L3 Switch.

Vlan Configured , now want to block specific URL

Please guide.

Cisco Freak · ‎03-20-2015

Hi Piysuh,

Do a DNS resolution to the URL to find out the IP address of the URL.

You should be able block the communication towards that IP, by creating a ACL in the L3 switch. Create an ACL and apply that ACL in the proper L3 interfaces.

CF

Bilal Nawaz · ‎03-20-2015

Becomes a headache when url's go to akamai or the likes ;-) one could be there for a week(s), month(s), year(s) configuring up an ACL the length of the eiffel tower!

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Bilal Nawaz · ‎03-20-2015

URL Filtering should be done on a proxy or firewall, not a switch/multilayer switch.

Having said this, you could resolve the IP address of the domain name via nslookups that they are trying to get to and create an ACL inbound or outbound for that ip address (multiple ip addresses for urls)

With a router you could do this for http traffic

Class-map match-any URL-filter
match protocol http host "*domain.com*"
!
policy-map Inspection
class URL-filter
   drop
!
!on the external interface
service-policy output Inspection

https traffic might be more difficult in which case, get a firewall / proxy.

You could also "black hole" the DNS entry by pointing the url domain at some other non existent ip address. You would have to have control over the DNS server or turn your router/switch to resolve DNS and become dns server on your local LAN.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.