• Advertisement

Web filtering for IP ranges

Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.

Re:Web filtering for IP ranges

Postby Guest » Fri Jan 04, 2008 1:46 pm

beautiful thank you so much, im going to throw this into my configuration into a couple of hours, I just needed to see the format.

 

thank you so much. im going to mark this thread as answered later tonight after my testing is complete.

 

its ok that you didnt answer sooner, i had many other things i had to take care of so its not a big deal.

 

thanks again

 

elliott

Guest
 

Advertisement

Re:Web filtering for IP ranges

Postby Guest » Fri Jan 04, 2008 2:05 pm

Hi Elliot

 

If anything happens just let me know, will be more than glad to help you out.

 

Mike Rojas.

Guest
 

Re:Web filtering for IP ranges

Postby Guest » Fri Jan 04, 2008 3:28 pm

Ive gotten the configuration you gave me into the router except for one portion of it.

 

policy-map type inspect in-out
class  http-filter
   inspect
    urlfilter

 

I was able to load

   policy-map type inspect in-out
      class  http-filter
      inspect

but when i try to add the command urlfilter the console gives me

    % Incomplete command.

 

Im guessing this is where the actual filtering is done because the firewall is not filtering at this point.

   I also wanted to check that like other cisco services there is an implicit deny for things unspecified.

 

So if i configure the firewall as such :

 

     parameter-map type urlfilter http-filter
          allow-mode on
       exclusive-domain allow google.com

       exclusive-domain allow yahoo.com
       exclusive-domain allow hotmail.com
       exclusive-domain allow gmail.com

 

then all the other sites should be blocked right?

 

or do I have to use a wildcard and actually block along the lines of

     exclusive-domain deny *

after my allowances?

 

 

thanks again in advance

 

 

elliott

Guest
 

Re:Web filtering for IP ranges

Postby Guest » Fri Jan 04, 2008 3:46 pm

Hi Elliot,

 

Yes, sorry forgot one command there

 

policy-map type inspect in-out
class  http-filter
   inspect
    urlfilter http-filter

 

If you want to allow those sites:

 

       exclusive-domain allow yahoo.com
       exclusive-domain allow hotmail.com
       exclusive-domain allow gmail.com

On the parameter-map, instead of allow-mode on, put allow-mode off, that would block the rest of the sites that you are not specifying in the exclusive domain.

 

 

 

Let me know.

 

Mike

Guest
 

Re:Web filtering for IP ranges

Postby Guest » Fri Jan 04, 2008 5:07 pm

Ok I changed allow mode to off

 

but when I get into Router 9config-pmap-c) #

 

i tried

          urlf http-filter

%Protocol "http" not found in class-map

 

So should I change the name of the class-map filter?

 

I guess Ill try that and see how it goes

 

thanks again for your time.

 

 

 

elliott

 

 

edit*

 

this did not work either, I guess I am missing something somewhere else to get the %Protocol "http" not found in class-map

Guest
 

PreviousNext


  • Advertisement


Similar topics

URL filtering
Forum: Routing Protocols
Author: Guest
Replies: 1

hotspot filtering list
Forum: Cisco Security
Author: Anonymous
Replies: 0

Filtering noncontiguous ports.
Forum: Cisco Security
Author: Anonymous
Replies: 0

Clientless Webvpn Filtering with Citrix Traffic
Forum: Virtual Private Networks
Author: Anonymous
Replies: 0

Filtering OSPF routes sent to SP
Forum: Anything Networking
Author: Anonymous
Replies: 0


Return to Cisco Security

Who is online

Users browsing this forum: No registered users and 4 guests