Hii,

I need a way to configure a 2801 Router for allowing some internal users to access a specifed list of web pages. For example i need that the user with ip 192.168.1.50 to have acces just to www.xxx.net and www.xxx.com and some other clients to have full access. It's this possible? And if it's possible i need a way to do this.

The IOS version is :

1. Cisco IOS Software, 2801 Software (C2801-IPBASE-M), Version 12.4(16b), RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Thu 20-Dec-07 03:43 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

System returned to ROM by power-on

System image file is "flash:c2801-ipbase-mz.124-16b.bin"

Cisco 2801 (revision 7.0) with 114688K/16384K bytes of memory.

Processor board ID FCZ123212X3

6 FastEthernet interfaces

DRAM configuration is 64 bits wide with parity disabled.

191K bytes of NVRAM.

62720K bytes of ATA CompactFlash (Read/Write)

I have made this conf :

class-map match-any AUTHORIZED_URLS

match protocol http url "*.xxx.net"             /* also i have put host ...

match protocol http url " *.xxx.com"

ip access-list extended RESTRICTED_USERS

permit tcp host 192.168.1.50 any eq www

class-map match-all USER_URLS

match access-group name RESTRICTED_USERS

match  not class AUTHORIZED_URLS

policy-map URL_POLICY

class USER_URLS

drop

interface Vlan1

service-policy input URL_POLICY

but this is blocking all the web access on the client with 192.168.1.50.

Regards,