Re: URL Filtering on Cisco

From: <mark.chandra_at_gmail.com>
Date: Fri, 12 Feb 2010 01:29:51 +0000

Guys,

Thanks a lot for the input,

I will try some of your suggestions and see the result.

And is there an NBAR definition for messenger?

-----Original Message-----
From: Jared Scrivener <lists_at_jaredscrivener.com>
Date: Fri, 12 Feb 2010 04:39:00
To: Mark Stephanus Chandra<mark.chandra_at_gmail.com>
Cc: Cisco certification<ccielab_at_groupstudy.com>
Subject: Re: URL Filtering on Cisco

You used a match-all not a match-any in your class-map. That'll be the
reason. Both the MIME type and URL aren't "yahoo.com" simultaneously...

-- 
Cheers,
Jared Scrivener
CCSI #30878, CCIE3 #16983 (R&S, SP, Security)
www.MicronicsTraining.com
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
Training And Remote Racks available
LinkedIn:www.linkedin.com/in/jaredscrivener

On Fri, Feb 12, 2010 at 4:21 AM, Mark Stephanus Chandra <mark.chandra_at_gmail.com> wrote:
> Hi Guys,
>
> Have you ever tried filtering URLs on a Cisco router?
>
> Well, I just tried it and it doesn't work; I don't know what's wrong.
>
> This is my config for the class-map:
>
> Class-map: mark (match-all)
>      0 packets, 0 bytes
>      5 minute offered rate 0 bps, drop rate 0 bps
>      Match: protocol http mime "*.yahoo.com"
>      Match: protocol http url "*.yahoo.com"
>      Match: protocol http url "*.yahoo.com/*"
>      Match: protocol http url "*yahoo.com*"
>      Match: protocol http url "*"
>      Match: protocol http host "*yahoo*"
>      Drop
>
> As you can see, first, the only thing I want to do is just to filter
> everything about yahoo.
>
> But it seems to have no effect in this scheme, so I just tried to block it
> all by using match protocol http *
>
> But the result is that I can still browse to web sites; no effect at all.
>
> So the scenario is, I just have one router with two interfaces:
> one going to the inside and the other going outside.
>
> These are the configs:
>
> interface Ethernet0/0
>  description Outside
>  ip address
>  ip nat outside
>  ip virtual-reassembly
>  half-duplex
>  service-policy input mark
> !
> interface FastEthernet0/0
>  description Inside
>  ip address 192.168.1.1 255.255.255.0
>  ip nat inside
>  ip virtual-reassembly
>  speed auto
>  service-policy input mark
>  service-policy output mark
>
> Any clue what's wrong?
>
> Regards,
>
> Mark Stephanus Chandra - CCIE#23887
> IT Consultant
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Fri Feb 12 2010 - 01:29:51 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART
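
The match-all versus match-any point from Jared's reply, as an added example that is not part of the original thread: a small Python model that evaluates the quoted class-map "mark" against one HTTP transaction under both modes. It assumes `host` is compared with the Host header, `url` with the request URI and `mime` with the Content-Type, and it approximates NBAR wildcards with shell-style globbing; the sample transaction is constructed.

```python
from fnmatch import fnmatchcase

# Match statements copied from the class-map "mark" quoted in the thread.
CLASS_MAP_MARK = [
    ("mime", "*.yahoo.com"),
    ("url", "*.yahoo.com"),
    ("url", "*.yahoo.com/*"),
    ("url", "*yahoo.com*"),
    ("url", "*"),
    ("host", "*yahoo*"),
]

# Constructed sample HTTP transaction (not taken from the thread).
# Assumed field meanings: host = Host header, url = request URI,
# mime = Content-Type of the response.
SAMPLE = {
    "host": "www.yahoo.com",
    "url": "/index.html",
    "mime": "text/html",
}


def evaluate(statements, http):
    """Return one (field, pattern, matched) tuple per match statement."""
    return [(f, p, fnmatchcase(http.get(f, ""), p)) for f, p in statements]


def classify(statements, http, mode):
    """match-all needs every statement to hit; match-any needs only one."""
    hits = [matched for _, _, matched in evaluate(statements, http)]
    if mode == "match-all":
        return all(hits)
    if mode == "match-any":
        return any(hits)
    raise ValueError(f"unknown class-map mode: {mode}")


if __name__ == "__main__":
    for field, pattern, matched in evaluate(CLASS_MAP_MARK, SAMPLE):
        result = "hit" if matched else "miss"
        print(f"match protocol http {field} {pattern!r}: {result}")
    for mode in ("match-all", "match-any"):
        verdict = classify(CLASS_MAP_MARK, SAMPLE, mode)
        print(mode, "->", "classified (drop)" if verdict else "not classified")
```

Under match-all a single miss, here the MIME statement, keeps the class from ever matching, which is consistent with the 0 packets counter in the quoted output.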