Tuesday, November 17, 2009

Filter Some Websites with Cisco Router

Let's say we want to block access to the creatively named www.badsite.com.
I bet you've already configured a DNS server on your router so it can resolve the name; if not:
Router(config)# ip name-server

Router# ping www.techrepublic.com
Translating "www.techrepublic.com"...domain server ( [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

To actually block the undesirable Web site, we need to create an access control list (ACL) to define exactly what we want to block. Here's an example:

Router(config)# access-list 101 deny tcp any host www.badsite.com eq www

Then permit all other Web traffic apart from the site blocked above:

Router(config)# access-list 101 permit tcp any any eq www

Check your access list on the router:

Router# sh run | inc access-list 101

access-list 101 deny tcp any host eq www log <-- You can also block by address, and add the log keyword to monitor matches with a syslog server, e.g. Kiwi Syslog Server.
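
With `log` on the deny entry, the router sends a syslog message for each match. As an added example (not from the original post), this Python script tallies denied packets per internal source from such messages; the `%SEC-6-IPACCESSLOGP` lines, the host name `gw`, all addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Cisco IOS extended-ACL log message for TCP/UDP matches.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample syslog lines (documentation and private addresses).
SAMPLE_LOG = """\
Nov 17 10:01:02 gw 45: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.1.10(51515) -> 203.0.113.5(80), 1 packet
Nov 17 10:06:02 gw 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.1.10(51515) -> 203.0.113.5(80), 7 packets
Nov 17 10:07:40 gw 47: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.168.1.22(40222) -> 203.0.113.5(80), 1 packet
Nov 17 10:08:00 gw 48: %SEC-6-IPACCESSLOGP: list 102 denied udp 192.168.1.30(5353) -> 198.51.100.9(53), 1 packet
Nov 17 10:09:10 gw 49: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
"""


def parse_line(line):
    """Return the ACL log fields as a dict, or None for any other message."""
    m = ACL_LOG.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec


def denied_by_source(lines, acl="101", dport=80):
    """Sum denied packets per source IP for one ACL and destination port.

    IOS logs the first match at once and then periodic summaries
    ("7 packets"), so the packet count is added, not the line count.
    """
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["acl"] == acl and rec["action"] == "denied" and rec["dport"] == dport:
            hits[rec["src"]] += rec["count"]
    return hits


if __name__ == "__main__":
    for src, n in denied_by_source(SAMPLE_LOG.splitlines()).most_common():
        print(f"{src}\t{n} packets denied by access-list 101")
```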
