IP Stories

“A Written IP Related Activities”

»

Using Cisco NBAR for blocking PORN or XXX or Specific URL string

Posted by a. Rahman Isnaini r. Sutan on June 6, 2008

Tried & want to block all “thing related” to the “picture’s below” from being accessed by your LAN / save “Soap” for not married/single man yet ?

Steps Configure IP NBAR Cisco with Regular Expression [old file] :

1. Configure Class Map to match any string in URL

class-map match-any ADULT-URL
match protocol http url “*porn*”
match protocol http url “*porn”
match protocol http url “porn*”
match protocol http url “*xxx*”
match protocol http url “xxx*”
match protocol http url “*xxx”

what ever specific string in URL you want to be blocked, put it on the list (3 raws with different place of “*” to match exactly”

2. Config Policy Map to Mark Traffic ADULT ini (DSCP x)

policy-map FILTER-ADULT
class ADULT-URL
set ip dscp 5

3. Create Access List to match marking traffic (DSCP) according to Policy Route-Map which will be set to Null.

access-list 150 permit ip any any dscp 5
access-list 150 deny ip any any

4. Configure Route-Map to Null traffic


route-map DENY-ADULT permit 10
match ip address 150
set interface Null0

5. Apply Service Policy to Interface LAN where accessing to this adult sites will be restricted

int f0/0.6
desc LAN-ADULT-SITE-RESTRICTED
ip policy route-map DENY-ADULT
service-policy input FILTER-ADULT

a. rahman isnaini r.sutan

This entry was posted on June 6, 2008 at 4:35 am and is filed under Cisco, policy, security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

8 Responses to “Using Cisco NBAR for blocking PORN or XXX or Specific URL string”

  1. nick said

    July 29, 2008 at 8:30 am

    IRsmrR hi! hice site!

    Reply

  2. a. Rahman Isnaini r. Sutan said

    July 30, 2008 at 1:41 am

    Hi Nick,

    Thanks,…

    Reply

  3. yudi said

    July 30, 2008 at 4:05 am

    Jago kali uda ini…..sarapan apa tiap pagi :) ))

    Reply

  4. a. Rahman Isnaini r. Sutan said

    July 30, 2008 at 8:11 am

    Bisa aja Kau Yud.. :)
    Kadang Mie Goreng Indomie, Kadang Sari Roti, kadang ga makan..

    Reply

  5. what is the best free internet filter to block unwanted porn sites and online dating sites? said

    August 20, 2008 at 9:28 am

    [...] Cisco NBAR block PORN or XXX or Specific URL string [...]

    Reply

  6. Shabbar said

    September 18, 2008 at 12:05 pm

    Doesnt seem to be working for me, i get hit counts on the ACL but all traffic still goes thru

    Reply

  7. Soap Man said

    October 14, 2008 at 1:37 am

    I dont have any idea what the relation between soap and a single men (stupid mode = on) :P

    Reply

  8. a. Rahman Isnaini r. Sutan said

    October 14, 2008 at 4:19 am

    Shabbar, your IOS version please ?
    Soap Man, yang bener :P ?

    Reply

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

»