04-08-2022 10:36 AM
I have a c1111, Cisco IOS XE Software, Version 16.09.06 (and a 2960x).
Can I somehow catch and rewrite an HTTPS request
along the lines of
facabook.com (123.45.67.89) --> mydomain.com (172.16.0.123)
My target is to catch advert sites and show a gift instead of the ad.
I am pretty sure I can catch it and DROP the packet somehow with NBAR (at least for HTTP, not sure for HTTPS),
but I would prefer to redirect it to my web server,
more or less a DNS rewrite sort of thing.
I don't want to use the router as a DNS server because I am running a separate one on one of my servers,
and creating a zone for each site I want to catch on the DNS server would be too big a mess.
I know I could use the "host" file, but if the router could do it somehow I would prefer that.
04-08-2022 05:14 PM
Simple: what DNS are you using? If you have your own DNS, punch a DNS hole with a DNS entry for fabook.com to your server IP. Is this what you are looking for?
04-08-2022 05:55 PM
I am using Windows Server as DNS,
but I would prefer to use the router.
My router has been running for over half a year now, which would be far over a year if there hadn't been a power outage of half a day that my UPS couldn't cover.
During this time I have reinstalled Windows Server 5-6 times. I would like to keep the DNS setup on it to a minimum, maybe even move it completely to the router. Unfortunately I can't set up wildcard domains (needed to block the ads) on it, otherwise the job would be done.
I dug around a bit; it seems to me that with some NBAR - policy-map - NAT trickery it should be possible.
My concerns are currently that I would need to NAT from an inside to an inside interface (the blocked site, that is)
and also NAT as normal inside-outside to reach non-blocked sites.
In addition there is already a policy-map on the outside interface for traffic shaping; not sure if I can combine the two,
but shaping isn't prevalent at the moment, so I could renounce it if I need to.
04-09-2022 01:53 AM
but I would prefer to use the router
So you are using DNS as your router for now, and you would like to configure it in the router - is this correct?
04-09-2022 12:22 PM
I just set up the router as DNS server for my work computer; others are still using my main server as the DNS server.
But let's go with that I use the router as DNS.
Unfortunately you can't set wildcard domains in the router, and ads are coming from addresses like dfhuheri.ad.com wee.ad.com wwwe.ad.com ....
So I need to catch them with NBAR by "*.ads.com" and somehow NAT it to 10.0.0.1 instead of the real IP.
04-10-2022 08:53 PM
This here blocks the site:
ip nbar custom test ssl unique-name "*test.com*" id 1
class-map match-all test
 match protocol test
policy-map test
 class test
  police cir 8000 bc 1000 be 1000 conform-action drop exceed-action drop violate-action drop
The next step would be to NAT-redirect it instead of dropping it.