Block website with NBAR on Cisco Router

This topic contains 7 replies, has 1 voice, and was last updated by Rene Molenaar 1 year, 11 months ago.

  • #13820

    Sameer

    You can block HTTP sites with that, but you cannot block HTTPS sites with these.

    #13821

    Rene Molenaar
    Keymaster

    Hi Sameer,

    I just updated the article to show you why we can’t block HTTPS with NBAR.

    Rene

    #13822

    raza

    This is awesome! Thanks

    #13823

    sandra

    What is the limit? I tried adding a lot of websites and it only shows me 7 of them when I do a show run.

    #13824

    Rene Molenaar
    Keymaster

    Hi Sandra,

    I’m not sure, but there might be a limit on the number of URLs. If you have many websites to block, like Facebook or YouTube, you might want to look up their IP address ranges and block those instead.

    Rene

    #13825

    Vitaliy

    Unfortunately, can’t block HTTPS (YouTube, mail.ru, etc.).
    Instead, create an access-list and deny all IP for approx. 30 addresses for YouTube.
    Is there another way to block YouTube, for example?

    #13826

    Rene Molenaar
    Keymaster

    Hi Vitaliy,

    HTTPS won’t work since NBAR can’t look into the packets. I don’t think YouTube publishes a list of all IP addresses that they use; maybe you can look up their AS number, find the IP addresses and block those:

    https://www.ultratools.com/tools/asnInfo

    If you enter “Youtube” you can see that they use AS36561 and AS43515. You can look up those IP addresses and block those.

    Perhaps a better method would be to fix this using DNS. Use your DNS server so it resolves youtube.com to a custom webpage and configure your firewall so users can’t use another DNS server.

    Rene
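
The two approaches from the last reply (block the prefixes announced by an AS, and force clients onto your own DNS server), as an added example that is not part of the original thread: the script turns a prefix list into a Cisco IOS extended ACL. The prefixes, the resolver address 10.0.0.53 and the ACL name `BLOCK-SITES` are constructed placeholders, not real YouTube ranges.

```python
import ipaddress

# Constructed sample input (documentation ranges), standing in for the
# prefixes you would look up for an AS. Overlaps and host bits are deliberate.
SAMPLE_PREFIXES = [
    "198.51.100.0/25",
    "198.51.100.128/25",   # merges with the line above into one /24
    "203.0.113.0/24",
    "203.0.113.64/26",     # already covered by the /24, should disappear
    "192.0.2.10/32",       # single host
]
DNS_SERVER = "10.0.0.53"   # assumed internal resolver


def build_acl(name, blocked_prefixes, dns_server):
    """Return IOS extended ACL lines: DNS only to dns_server, then deny prefixes."""
    # strict=False tolerates entries with host bits set (e.g. 198.51.100.7/24)
    nets = ipaddress.collapse_addresses(
        ipaddress.ip_network(p, strict=False) for p in blocked_prefixes
    )
    lines = [f"ip access-list extended {name}"]
    # Allow DNS to the internal resolver first, then drop DNS to anyone else,
    # so clients cannot bypass the DNS override with a public resolver.
    for proto in ("udp", "tcp"):
        lines.append(f" permit {proto} any host {dns_server} eq domain")
    for proto in ("udp", "tcp"):
        lines.append(f" deny {proto} any any eq domain")
    for net in nets:
        if net.prefixlen == 32:
            lines.append(f" deny ip any host {net.network_address}")
        else:
            # IOS ACLs take a wildcard (inverse) mask, which is the hostmask
            lines.append(f" deny ip any {net.network_address} {net.hostmask}")
    lines.append(" permit ip any any")  # everything else passes
    return lines


if __name__ == "__main__":
    print("\n".join(build_acl("BLOCK-SITES", SAMPLE_PREFIXES, DNS_SERVER)))
```

Apply the generated ACL inbound on the LAN-facing interface. Collapsing the prefixes first keeps the entry count low.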
