How to block a specific URL in Cisco routers
Cisco Routers, Network routers, Network security, Networking, Networking Equipment, Routers, URL parameters
Can you block a specific URL in Cisco routers? If so, can you tell me the steps?
Software/Hardware used:
Software/Hardware used:
ASKED:
March 12, 2009 10:18 PM
UPDATED:
April 2, 2009 3:09 PM
Answer Wiki:
There is no specific way to block the URL with the usual ACL on the Cisco router, but you can do a work around and mark the packets for specific URL with some DSCP value, and then filter on that DSCP value in the ACL.
Steps are very simple:
1. create class map and match on specific url
2. create the policy map and under the specified class map set dscp value. Make sure that this dscp value is not used by other traffic, otherwise it may be dropped.
3. apply policy on the inbound interface.
4. create and apply ACL on the outbound interface in outbound direction that will deny packets with that dscp value.
To see all answers submitted to the Answer Wiki: View Answer History.
I want to say no that you can’t block just a URL on Cisco routers, You can however definately block IP addresses through ACLs very easily. Probablem with the later method though is you may also be blocking content or access to sites that you may not want to block.
If you’re looking to block URLs to prevent employees from surfing them, you’d probably be better served using a FIREWall software that will give you greater customization of what can and cannot be surfed across your network.
I’m not extensively familiar with FIREWALLs so if anyone would like to add to this and suggest a good solid Software version I would also be interested in knowing this as well.
Check out Marshal, BluePrint Data, Barracuda, etc. for Web filtering systems…that may be the best route. If it’s just one site you can block URLs in Internet Explorer via GPOs…send more info on your setup/needs and we can provide more details.