Using a Cisco router for URL filtering
Cisco IOS Content Filtering Modes
Subscription-based Cisco IOS content filtering operates in one of three modes: local filtering mode, URL database filtering mode, and allow mode.
Local Filtering Mode
In this mode, the Cisco IOS content filtering service first tries to match the requested URL with the local lists of trusted domains (white list), untrusted domains (black list), and blocked keywords. If a match is not found, the Cisco IOS content filtering service forwards the lookup request to the URL filtering server as specified in the policy. If the Cisco IOS content filtering service cannot establish communication with the URL filtering server, the system enters allow mode.
The system is in local filtering mode when a URL filtering policy for a URL filtering server has not been specified and when the system cannot establish a connection with the URL filtering server.
URL Database Filtering Mode
In this mode, the Cisco IOS content filtering service has connectivity with the URL filtering server; it can send URL lookup requests to and receive URL lookup responses from the URL filtering server.
In the case of a TRPS, the Cisco IOS content filtering service sends a URL category lookup request to the TRPS and the TRPS responds with the URL category and the URL reputation. Based on the policy set for the URL category and reputation, the HTTP request is allowed, denied, or logged. If a policy has not been configured for the URL category or reputation, the default is to permit the HTTP response.
In the case of SmartFilter and Websense servers, the Cisco IOS content filtering service sends a URL lookup request to the URL database server and the server responds with either a permit or deny message. URL filtering policies for SmartFilter and Websense servers specify a server-based action.
Allow Mode
When the Cisco IOS content filtering service is unable to communicate with the URL filtering server, the system enters allow mode. The default setting for allow mode is off, and all HTTP requests that pass through local filtering mode are blocked. When allow mode is on, all HTTP requests that passed through local filtering mode are allowed.
When both local filtering and URL database filtering modes fail, the system goes into allow mode. If the allow mode action is set to on, all URL requests are allowed. Otherwise, all HTTP requests are blocked.
By default, ip urlfilter allow-mode is off. Once URL filtering is enabled, all URLs are blocked.
1. Create a whitelist
ip inspect name web http java-list 5 urlfilter
This enables HTTP inspection with URL filtering.
ip urlfilter exclusive-domain permit .sohu.com
ip urlfilter exclusive-domain permit .cisco.com
These add the permit entries.
interface FastEthernet0/1
Applied on the inside (LAN) interface.
ip inspect web in
2. Create a blacklist
ip inspect name web http java-list 5 urlfilter
This enables HTTP inspection with URL filtering.
ip urlfilter allow-mode on
The default is off; changing it to on means web pages are allowed through by default.
ip urlfilter exclusive-domain deny .sohu.com
ip urlfilter exclusive-domain deny .cisco.com
These add the deny entries.
interface FastEthernet0/1
Applied on the inside (LAN) interface.
ip inspect web in
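
The decision order described above (local list, then URL filtering server, then allow mode), modelled for the whitelist and blacklist configurations on this page. This is an added example, not Cisco code or part of the original post; the matching rule (a leading dot means suffix match, otherwise exact match), the function names and the sample hosts are assumptions made for illustration.

```python
# Simplified model of the URL filter decision order (added example, not Cisco code):
# local exclusive-domain list -> URL filtering server -> allow-mode.

def domain_matches(entry, host):
    """Assumed rule: '.example.com' is a suffix match, 'www.example.com' is exact."""
    entry, host = entry.lower(), host.lower().rstrip(".")
    return host.endswith(entry) if entry.startswith(".") else host == entry

def decide(host, exclusive, allow_mode_on, server_lookup=None):
    """Return (verdict, reason) for one HTTP request.

    exclusive     -- (action, domain) pairs, as in 'exclusive-domain permit .sohu.com'
    allow_mode_on -- True for 'ip urlfilter allow-mode on', False for the default (off)
    server_lookup -- callable returning 'permit'/'deny'; None when no server is reachable
    """
    for action, entry in exclusive:
        if domain_matches(entry, host):
            return action, "local list"
    if server_lookup is not None:
        return server_lookup(host), "url filter server"
    # No local match and no server: allow-mode decides (fail open vs. fail closed).
    return ("permit" if allow_mode_on else "deny"), "allow-mode"

# The two configurations from the page; neither defines a URL filtering server.
WHITELIST = dict(exclusive=[("permit", ".sohu.com"), ("permit", ".cisco.com")],
                 allow_mode_on=False)
BLACKLIST = dict(exclusive=[("deny", ".sohu.com"), ("deny", ".cisco.com")],
                 allow_mode_on=True)

if __name__ == "__main__":
    # Constructed sample hosts.
    for name, cfg in (("whitelist", WHITELIST), ("blacklist", BLACKLIST)):
        for host in ("www.sohu.com", "tools.cisco.com", "www.example.org"):
            print(name, host, *decide(host, **cfg))
```

With allow mode on and no server configured, every host outside the deny list is permitted, so the blacklist configuration fails open whenever filtering by category is unavailable.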