Category:Cisco Systems -> Security
Way 1. With traffic inspection
ip inspect name HTTP-Filter http urlfilter alert on
ip urlfilter allow-mode on
! Without "cache 0", a user who has just tried a blocked website would also be
! refused any other website that shares the blocked site's IP address.
ip urlfilter cache 0
ip urlfilter exclusive-domain deny .gmail.com
ip urlfilter exclusive-domain deny .cisco.com
! Optional:
ip urlfilter audit-trail
interface GigabitEthernet0/2.6
 encapsulation dot1Q 6
 ip address xxx 255.255.255.252
 ip inspect HTTP-Filter out
 no snmp trap link-status
Way 2. With ACLs and service policy
class-map match-all URL
 match protocol http host "*facebook*"
 match access-group name URL
!
!
policy-map URL
 class URL
  drop
!
interface FastEthernet0/0
 ip address 192.168.5.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 service-policy input URL
!
ip access-list extended URL
 remark Rule exception for administrator
 deny ip host 192.168.5.1 any
 permit ip any any
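
The class-map logic of Way 2, modelled in Python as an added example (not from the original page and not Cisco code): it shows why the ACL `deny` entry exempts the administrator from the drop, and that the `*facebook*` wildcard matches any Host header containing that string. Case-insensitive matching and the `None` host for traffic with no readable Host header are assumptions of the model.

```python
# Added illustration: a simplified model of the "Way 2" policy, not Cisco code.
import fnmatch
import ipaddress

# Values copied from the configuration on this page.
HOST_PATTERN = "*facebook*"            # match protocol http host "*facebook*"
ACL_URL = [                            # ip access-list extended URL
    ("deny", "192.168.5.1/32"),        # administrator exception
    ("permit", "0.0.0.0/0"),           # permit ip any any
]


def acl_permits(src_ip, acl=ACL_URL):
    """First matching entry wins; an ACL ends with an implicit deny."""
    addr = ipaddress.ip_address(src_ip)
    for action, network in acl:
        if addr in ipaddress.ip_network(network):
            return action == "permit"
    return False


def in_class_url(src_ip, http_host):
    """class-map match-all: every match statement must be true."""
    if http_host is None:              # no cleartext Host header (e.g. HTTPS)
        return False
    # Assumption: host comparison is modelled as case-insensitive globbing.
    host_ok = fnmatch.fnmatchcase(http_host.lower(), HOST_PATTERN)
    return host_ok and acl_permits(src_ip)


def policy_action(src_ip, http_host):
    """policy-map URL: class URL -> drop; everything else is forwarded."""
    return "drop" if in_class_url(src_ip, http_host) else "forward"


if __name__ == "__main__":
    # Constructed sample requests: (source IP, HTTP Host header or None).
    samples = [
        ("192.168.5.20", "www.facebook.com"),
        ("192.168.5.1", "www.facebook.com"),
        ("192.168.5.20", "www.example.org"),
        ("192.168.5.20", None),
    ]
    for src, host in samples:
        print(f"{src:<14} {str(host):<18} {policy_action(src, host)}")
```

Because the ACL is a member of a `match-all` class, its `deny` line means "not in the class", so the administrator's traffic never reaches the `drop` action.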