知识屋:更实用的电脑技术知识网站
所在位置:首页 > 电脑知识 > 路由器

cisco利用路由器来做url过滤

发布时间:2015-06-17 12:08:53作者:知识屋

cisco利用路由器来做url过滤
 
Cisco IOS Content Filtering Modes 
Subscription-based Cisco IOS content filtering operates in one of threemodes: local filtering mode, URL database filtering mode, and allowmode. 
  www.zhishiwu.com  
Local Filtering Mode 
 
In this mode, the Cisco IOS contentfiltering service first tries to match the requested URL with the locallists of trusted domains (white list), untrusted domains (black list),and blocked keywords. If a match is not found, the Cisco IOS contentfiltering service forwards the lookup request to the URL filteringserver as specified in the policy. If the Cisco IOS content filteringservice cannot establish communication with the URL filtering server,the system enters allow mode. 
 
The system is in local filtering modewhen a URL filtering policy for a URL filtering server has not beenspecified and when the system cannot establish a connection with theURL filtering server. 
 
URL Database Filtering Mode 
 
In this mode, the Cisco IOS contentfiltering service has connectivity with the URL filtering server; itcan send URL lookup requests to and receive URL lookup responses fromthe URL filtering server. 
 
In the case of a TRPS, the Cisco IOScontent filtering service sends a URL category lookup request to theTRPS and the TRPS responds with the URL category and the URLreputation. Based on the policy set for the URL category andreputation, the HTTP request is allowed, denied, or logged. If a policyhas not been configured for the URL category or reputation, the defaultis to permit the HTTP response. 
 
In the case of SmartFilter and Websenseservers, the Cisco IOS content filtering service sends a URL lookuprequest to the URL database server and the server responds with eithera permit or deny message. URL filtering policies for SmartFilter andWebsense servers specify a server-based action. 
 
Allow Mode 
 
When the Cisco IOS content filteringservice is unable to communicate with the URL filtering server, thesystem enters allow mode. The default setting for allow mode is off,and all HTTP requests that pass through local filtering mode areblocked. When allow mode is on, all HTTP requests that passed throughlocal filtering mode are allowed. 
 
When both local filtering and URLdatabase filtering modes fail, the system goes into allow mode. If theallow mode action is set to on, all URL requests are allowed.Otherwise, all HTTP requests are blocked. 
 
默认ip urlfilter allow-mode 是off的。开启url过滤后,所有的url都被阻止。
1、建立白名单
ip inspect name web http java-list 5 urlfilter 
开启inspect http,过滤url
 
ip urlfilter exclusive-domain permit .sohu.com
ip urlfilter exclusive-domain permit .cisco.com
 
添加允许条件
 
interface FastEthernet0/1
内网接口上调用
 
ip inspect web in
 
2、建立黑名单
ip inspect name web http java-list 5 urlfilter 
开启inspect http,过滤url
 
ip urlfilter allow-mode on
缺省为off,改变成on,默认打开网页时允许通过
 
ip urlfilter exclusive-domain deny .sohu.com
ip urlfilter exclusive-domain deny .cisco.com  
添加拒绝条件
 
interface FastEthernet0/1
内网接口上调用
 
ip inspect web in
(免责声明:文章内容如涉及作品内容、版权和其它问题,请及时与我们联系,我们将在第一时间删除内容,文章内容仅供参考)
收藏
  • 人气文章
  • 最新文章
  • 下载排行榜
  • 热门排行榜