cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
919
Views
20
Helpful
19
Replies
Highlighted
Beginner

how block url in router cisco c881 800series

these are the settings
----------------------------------------

no ip source-route
no ip gratuitous-arps
!
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool LAN FAB1 DHCP
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 1.1.1.1 1.0.0.1
lease 7
!
!
!
no ip bootp server
ip domain name grupoterrasul.local
ip host www.facebook.com 10.10.10.10
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FCZ173691FR
!
!
archive
log config
logging enable
object-group network obj-facebook.com
!
!
!
!
class-map match-any url-bloquear-sites
match protocol http host "*youtube*"
match protocol http host "*facebook*"
match protocol http host "*xvideos*"
match protocol http host "*torrent*"
match protocol http host "*badoo*"
match protocol http host "*porn*"
match protocol http host "*twitter*"
match protocol http host "*bittorrent*"
class-map match-all FACEBOOKBLOCK
match protocol http host "www.facebook.com"
match protocol secure-http
!
policy-map FACEBOOK.COM-POLICY
class FACEBOOKBLOCK
drop
policy-map url-bloquearsites-policy
class url-bloquear-sites
drop
!
zone security inside
zone security outside
zone security dmz
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
spanning-tree portfast
service-policy input url-bloquearsites-policy
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface FastEthernet4
description TVBACO FIBRA 20M
ip address 192.168.100.77 255.255.255.0
ip access-group autosec_firewall_acl in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect autosec_inspect out
ip virtual-reassembly in
ip verify unicast source reachable-via rx allow-default 100
duplex auto
speed auto
service-policy input url-bloquearsites-policy
!
interface Vlan1
description LAN FAB1
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.1
!
ip access-list extended NAT_FILTERING
ip access-list extended autosec_firewall_acl
permit udp any any eq bootpc
deny ip any any
!
logging trap debugging
logging facility local2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
no cdp run
!

19 REPLIES 19
Highlighted

bellow

Highlighted

Hi @Staline Satola 
do sh class-map

{
Class Map match-any class-default(id 0)
Match any
}

{
Class Map match-any url-block-class (id 3)
Match protocol http host "*youtube*"
Match protocol http host "*yahoo*"
Match protocol http host "**facebook"
}

policy-map url-block-policy
class url-block-class
drop
exit
exit
show policy-map

Please check

Now lets apply the policy map inbound on the Lan interface Fa0/1(example)
int fa0/1
service policy input url block policy

 

Best Regards,

Josiane

Highlighted

GTSR881#sh class-map
Class Map match-all facebook (id 1)
Match protocol http url "*facebook*"

Class Map match-any cm-blocked-content (id 2)
Match protocol http host "*youtube*"

Class Map match-any class-default (id 0)
Match any

-----
What is your router?
  mine is cisco c881 800 series

---
I'll try the above instruction.
Highlighted

//and my policy-map
-----

GTSR881#sh policy-map
Policy Map nofacebook
Class facebook
drop

Policy Map pm-blocked-content
Class cm-blocked-content
drop

service put in int fa0, but it´s not wort
Highlighted

Hi @Staline Satola 

 

You can access the inbound interface of your LAN.

That would be the example I gave fa0 / 1 = LAN inbound interface

Now lets apply the policy map inbound on the Lan interface Fa0 /1 (example)

 

Comands:

enable
conf t
int fa0 / 1 ("would be your inbound LAN interface"
service policy input facebook