Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Blocking URLs on PIX 506e (http://www.velocityreviews.com/forums/t30970-blocking-urls-on-pix-506e.html)

John Smith 12-15-2003 03:02 PM

Blocking URLs on PIX 506e
 
Hi,

I am interested in blocking a small number of URLs from passing through our
PIX 506e firewall. The only solution seems to be to subscribe to a 3rd
party service such as 'Websense' or N2Hs, which cost $1,000 PA plus - way
beyond the scope of a small company.

Does anyone know of a way of using a simple lookup list to block a few URLs,
please? Thanks.

S. Brabbins sbx@digitalimage.co.uk



Walter Roberson 12-15-2003 04:14 PM

Re: Blocking URLs on PIX 506e
 
In article <3fddcd9e$0$13353$ed9e5944@reading.news.pipex.net> ,
John Smith <someone@microsoft.com> wrote:
:I am interested in blocking a small number of URLs from passing through our
:PIX 506e firewall. The only solution seems to be to subscribe to a 3rd
:party service such as 'Websense' or N2Hs, which cost $1,000 PA plus - way
:beyond the scope of a small company.

:Does anyone know of a way of using a simple lookup list to block a few URLs,
:please? Thanks.

The PIX has no facilities to block by URL other than in conjunction
with WebSense or N2H2.

If you can, block by IP address instead.
--
WW{Backus,Church,Dijkstra,Knuth,Hollerith,Turing,v onNeumann}D ?

Hugo Drax 12-16-2003 01:18 AM

Re: Blocking URLs on PIX 506e
 

"John Smith" <someone@microsoft.com> wrote in message
news:3fddcd9e$0$13353$ed9e5944@reading.news.pipex. net...
> Hi,
>
> I am interested in blocking a small number of URLs from passing through

our
> PIX 506e firewall. The only solution seems to be to subscribe to a 3rd
> party service such as 'Websense' or N2Hs, which cost $1,000 PA plus - way
> beyond the scope of a small company.
>
> Does anyone know of a way of using a simple lookup list to block a few

URLs,
> please? Thanks.
>
> S. Brabbins sbx@digitalimage.co.uk
>
>


Not with the pix, I would look into other products if you need a small
firewall with internal URL blocking capabilities at the moment, if you have
an internal forwarding DNS(localhosts pointing to it) you can always create
static records pointing the A records to an internal company website with a
warning, then preventing DNS outbound from your local workstations
(preventing alternate DNS use) If you have a Windows or Linux Server it is a
trivial thing to make it a forwarding DNS server+homegrown blacklist.

Another method is blocking the websites via ACL , ping the url's and block
the networks/hosts using an outbound ACL.

Use some creativity in your job. :)




All times are GMT. The time now is 04:20 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.