No announcement yet.

Block websites

  • Filter
  • Time
  • Show
Clear All
new posts

  • Block websites

    Hello everyone,

    I need some help.
    I have a workgroup having access to internet and I am usin Cisco Router 2800.
    I need to block some traffic.
    Could you please help me how to configure the router if it is possible to block traffic from websites like rapidshare or other sites.

    Please help me using simple intructions.

    Thnak you in advance.

  • #2
    block certain websites on the router

    Im new to cisco routers and I have a Cisco 2800
    Could you please tell me how to block certain websites from the router.


    • #3
      Re: Access-list / Group??

      Claud53, please don't hijack other users posts. I've flagged this to be moved to its own thread but in the interim you will probably find blocking websites on a router generally requires blocking their IP addresses. This is a very long and painful task. You may be better off finding something like Websense for this task.

      Please read this before you post:

      Quis custodiet ipsos custodes?


      • #4
        Re: Access-list / Group??

        moved it away from the hijacked thread.
        Also threads merged.
        I suggest you read the forum rules.
        Last edited by Dumber; 26th January 2009, 13:17.
        Technical Consultant

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"


        • #5
          Re: Block websites

          Thank you for your help


          • #6
            Re: Block websites


            i perfectly agree with the previous posts when it comes to using websense or any other software for that matter that may provide wht you seek..

            but on the other hand, i'll give you two solutions.. one that i'm actually using right now and another tht answers your question..

            1- you may use a transparent proxy with WCCP.

            i have a similar router which is 2811.. i've installed Squid on a linux server and used it as a transparent proxy.
            the proxy part as it name means that designated traffic has to go through it to reach the internet..
            the transparent part is what's really important, it lets your proxy do it's job of blocking sites, allowing others at a high speed, redirecting sites to others.. and all of this is done Transparently.. that means no configuration needed on the user's browser..
            now you may think that you need to set this linux server physcialy between your LAN and your gateway (i presume ur using the csico router as ur gateway) well wrong!
            you could use WCCP protocol which directs traffic reaching the router to the linux/squid server where it undergoes the rules setup on Squid and then it goes back to the router for routing to the INternet or wherever those packets may be destined to..
            the beautigul thing about WCCP is that it has a builtin failvoer solution. that means if for any reason your squid/linux server went down. the wccp protocol itself directs the traffic to the internet directly untill the squid/linux server is up again...

            2- you could use an extended access list that's set as "IN" on your LAN interface(gateway) and inside it you do as such:

            1 deny ip any host
            2 permit ip any any

            this access lst would deny rapidshare and allow everything else.. but pay attention most sites use a farm of servers!
            that means lots and lots of public ips are assigned to unless your planning to block just a few sites!
            layer 7 is the way to go like websense or squid or...