This has been asked many times before :)

Generally with multiple match commands you need match-any.

Match-any means "as long as one of the statements matches, then execute the class-map".
Match-all means EVERY match statement must be met.

For what you want to do you need one line. Then match-any or match-all is irrelevant.

To block any URL host containing the word yahoo:

match protocol http host *yahoo* >>> the "" quotes are auto inserted by IOS

Re your entries:

Match: protocol http mime "*.yahoo.com" > no such mime type. Won't match anything.
Match: protocol http url "*.yahoo.com" > valid, will block anything at yahoo.com, i.e. mail.yahoo, news.yahoo.com etc.
Match: protocol http url "*.yahoo.com/*" > same as previous, the 2nd * has no effect since it is after the /.
Match: protocol http url "*yahoo.com*" > pointless, will match examples like mail.yahoo.comhere and news.yahoo.commando.
Match: protocol http url "*" > will match all URL host names.
Match: protocol http host "*yahoo*" > valid, will match any URL host containing yahoo.

For extensive examples of how to use NBAR with a match command, see this article I did a while back:

blog.ru.co.za/2009/02/15/using-nbar-to-match-web-traffic/

HTH
--
<ruhann>
blog.ru.co.za

On Thu, Feb 11, 2010 at 8:21 PM, Mark Stephanus Chandra <mark.chandra_at_gmail.com> wrote:
> Hi Guys,
>
> Have you ever tried filtering URLs on a Cisco router?
>
> Well, I just tried it and it doesn't work, don't know what's wrong.
>
> This is my config for class-map
>
> Class-map: mark (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol http mime "*.yahoo.com"
> Match: protocol http url "*.yahoo.com"
> Match: protocol http url "*.yahoo.com/*"
> Match: protocol http url "*yahoo.com*"
> Match: protocol http url "*"
> Match: protocol http host "*yahoo*"
> Drop
>
> As you can see, first, the only thing I want to do is just filter everything about Yahoo.
>
> But it seems to have no effect in this scheme, so I just tried to block it all by using match protocol http *
>
> But the result is that I can still browse to web sites, no effect at all.
>
> So the scenario is, I just have one router with two interfaces.
>
> One going to inside and the other going outside.
>
> These are the configs:
>
> interface Ethernet0/0
> description Outside
> ip address
> ip nat outside
> ip virtual-reassembly
> half-duplex
> service-policy input mark
> !
> interface FastEthernet0/0
> description Inside
> ip address 192.168.1.1 255.255.255.0
> ip nat inside
> ip virtual-reassembly
> speed auto
> service-policy input mark
> service-policy output mark
>
> Any clue what's wrong?
>
> Regards
>
> Mark Stephanus Chandra - CCIE#23887
> IT Consultant
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Thu Feb 11 2010 - 23:01:06 ART
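As an added illustration (not from either message in the thread), here is Mark's original class-map beside the single-line form Ruhann recommends, reusing the policy-map name "mark" and the interface names from Mark's config. Applying the policy only inbound on the inside interface is an assumption made here for the example, not something the thread states.

```cisco
! --- As posted in the thread: match-all with six statements ---
! The mime line matches no real MIME type, so under match-all the
! class can never be satisfied and the drop action never fires.
class-map match-all mark
 match protocol http mime "*.yahoo.com"
 match protocol http url "*.yahoo.com"
 match protocol http url "*.yahoo.com/*"
 match protocol http url "*yahoo.com*"
 match protocol http url "*"
 match protocol http host "*yahoo*"
!
! --- Corrected form: one match line, so match-any/match-all is moot ---
! Class name BLOCK-YAHOO is chosen for this example.
class-map match-any BLOCK-YAHOO
 match protocol http host "*yahoo*"
!
policy-map mark
 class BLOCK-YAHOO
  drop
!
! Assumption for this example: apply the policy once, inbound on the
! inside interface, so client requests are dropped as they enter the
! router rather than being matched again on the outside interface.
interface FastEthernet0/0
 description Inside
 service-policy input mark
!
! Verification: the class counters should increment while an inside
! host browses to a Yahoo hostname.
! show class-map BLOCK-YAHOO
! show policy-map interface FastEthernet0/0
```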
This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART