بسم الله والحمد لله والصلاة والسلام علي رسول الله وآله وصحبه وإخوانه وسلم
how to deny access to certain website using your cisco router
i know it may be silly to talk about this method of denying acceess to certain websites, but i mainly intend to show you a quick method of denying access to certain websites without the need to use advanced web filtering programs that may need a dedicated server or even multiple servers to do this task. look this method may be vulnerable or easily bypassed but anyway this is the case over here.
this method depends on using class maps to filter the website:
class-map match-any SOCIAL_NET
match protocol http host www.facebook.com
match protocol http host www.youtube.com
match protocol http host twitter.com
!
policy-map DROP_SOCIAL_NET
class SOCIAL_NET
drop
!
!
interface FastEthernet0/1
service-policy output DROP_SOCIAL_NET
!
but what about using https???
if you noted that in the class map i did not mentioned https, but you can using the following command:
match protocol secure-http
but this will deny the https access to any web content that is encrypted using https "port 443". this is because cisco has other web filtering solutions that give you more flexibility of web filtering so it did not allowed us to use the https with the website name.
so if you decided to prevent the https, Firefox has a powerful addons that allows you to open whatever you need using https, i came a cross a powerful one called "https every where", really awesome.
hope that has been informative to you and i would like to thank your for following this blog.
Best Regards
Ahmed Mustafa
ولا تنسوني والمسلمين من صالح الدعاء
وصلي الله وسلم وبارك علي النبي وآله وصحبه وإخوانه وسلم