09-20-2017 03:50 AM - edited 03-08-2019 07:41 PM
Hi, I am fighting to block Facebook and YouTube, but it doesn't work. Below are my configurations. Can anyone please help me?
! Last configuration change at 10:19:43 UTC Wed Sep 20 2017
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$MNbc$g4uz/0X.8aYg/vcuFeyJN1
enable password sernap
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.2.197
ip dhcp excluded-address 192.168.2.196
ip dhcp excluded-address 192.168.2.199
ip dhcp excluded-address 192.168.2.1 192.168.2.120
ip dhcp excluded-address 192.168.2.208
ip dhcp excluded-address 192.168.2.190
ip dhcp excluded-address 192.168.2.198
!
ip dhcp pool dpool1
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 196.46.0.243
!
!
ip name-server 208.67.222.222
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FCZ1533916S
!
!
!
!
!
class-map match-any fechar
match protocol http host "*www.beforward.jp*"
class-map match-all url-block-all-class
match protocol http url "www.youtube.com"
match protocol http url "*youtube*"
match protocol http host "www.youtube.com"
match protocol http host "*youtube*"
class-map match-any URL-filter
class-map match-any url-block-class
match protocol http host "*youtube*"
match protocol http url "*youtube*"
!
!
policy-map url-block-policy
class url-block-class
drop
class url-block-all-class
drop
policy-map Inspection
class fechar
drop
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description internet
ip address 192.168.100.10 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
service-policy input url-block-policy
service-policy output Inspection
!
interface GigabitEthernet0/1
description localNetwork
ip address 192.168.2.1 255.255.255.0
ip access-group 104 in
ip access-group 101 out
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.2.198 80 192.168.100.10 80 extendable
ip nat inside source static tcp 192.168.2.198 443 192.168.100.10 443 extendable
ip route 0.0.0.0 0.0.0.0 196.46.2.158
ip route 0.0.0.0 0.0.0.0 192.168.100.1
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 111 deny ip 127.0.0.0 0.255.255.255 any
access-list 111 deny ip 192.168.0.0 0.0.0.255 any
access-list 111 deny ip 172.16.0.0 0.0.255.255 any
access-list 111 deny ip 10.0.0.0 0.255.255.255 any
access-list 111 deny ip host 0.0.0.0 any
access-list 111 deny ip 224.0.0.0 31.255.255.255 any
access-list 111 deny icmp any any redirect
!
!
!
control-plane
!
!
!
line con 0
password sernap
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password sernap
login
transport input all
!
scheduler allocate 20000 1000
end
cisco#
help please
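An added example, not part of the original post and not Cisco tooling: a Python cross-reference check over the policy and ACL lines of the configuration above. It reports access lists that are applied but never defined, defined but never applied, and class-maps that are empty or never used by a policy-map. `SAMPLE` is a constructed excerpt of the posted lines and `audit` is a hypothetical helper name.

```python
import re

# Constructed excerpt of the configuration posted above (policy and ACL lines only).
SAMPLE = """\
class-map match-any fechar
match protocol http host "*www.beforward.jp*"
class-map match-all url-block-all-class
match protocol http host "www.youtube.com"
class-map match-any URL-filter
class-map match-any url-block-class
match protocol http host "*youtube*"
policy-map url-block-policy
class url-block-class
drop
class url-block-all-class
drop
policy-map Inspection
class fechar
drop
ip access-group 104 in
ip access-group 101 out
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 111 deny icmp any any redirect
"""

def audit(config):
    """Hypothetical helper: cross-reference ACLs and class-maps, return findings."""
    acl_defined, acl_used, cmap_used = set(), set(), set()
    matches, current = {}, None  # class-map name -> match count; open class-map
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"access-list (\d+) ", line):
            acl_defined.add(m.group(1))
        elif m := re.match(r"ip (?:access-group|nat inside source list) (\S+) ", line):
            acl_used.add(m.group(1))  # list applied to an interface or to NAT
        elif m := re.match(r"class-map (?:match-(?:any|all) )?(\S+)$", line):
            current = m.group(1)
            matches[current] = 0
        elif line.startswith("match ") and current:
            matches[current] += 1
        elif m := re.match(r"(?:class|policy-map) (\S+)$", line):
            current = None  # left class-map definition mode
            if line.startswith("class "):
                cmap_used.add(m.group(1))
    # An access-group naming an undefined list filters nothing on IOS.
    findings = [("acl-undefined", a) for a in acl_used - acl_defined]
    findings += [("acl-unused", a) for a in acl_defined - acl_used]
    findings += [("class-map-empty", c) for c, n in matches.items() if n == 0]
    findings += [("class-map-unused", c) for c in set(matches) - cmap_used]
    return sorted(findings)
```

Calling `audit(SAMPLE)` returns a sorted list of `(kind, name)` pairs; the parser keys on command keywords rather than indentation, so it also works on configuration text whose indentation was lost.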
09-28-2017 12:14 AM
Hi,
I would recommend integrating a web filter appliance (open source or commercial) into your LAN and redirecting the traffic via WCCP.
Regards,
Kias