Blocking URLs on PIX 506e

Discussion in 'Cisco' started by John Smith, Dec 15, 2003.

  1. John Smith

    John Smith Guest

    Hi,

    I am interested in blocking a small number of URLs from passing through our
    PIX 506e firewall. The only solution seems to be to subscribe to a 3rd
    party service such as 'Websense' or N2Hs, which cost $1,000 PA plus - way
    beyond the scope of a small company.

    Does anyone know of a way of using a simple lookup list to block a few URLs,
    please? Thanks.

    S. Brabbins
     
    John Smith, Dec 15, 2003
    #1
    1. Advertising

  2. In article <3fddcd9e$0$13353$>,
    John Smith <> wrote:
    :I am interested in blocking a small number of URLs from passing through our
    :pIX 506e firewall. The only solution seems to be to subscribe to a 3rd
    :party service such as 'Websense' or N2Hs, which cost $1,000 PA plus - way
    :beyond the scope of a small company.

    :Does anyone know of a way of using a simple lookup list to block a few URLs,
    :please? Thanks.

    The PIX has no facilities to block by URL other than in conjunction
    with WebSense or N2H2.

    If you can, block by IP address instead.
    --
    WW{Backus,Church,Dijkstra,Knuth,Hollerith,Turing,vonNeumann}D ?
     
    Walter Roberson, Dec 15, 2003
    #2
    1. Advertising

  3. John Smith

    Hugo Drax Guest

    "John Smith" <> wrote in message
    news:3fddcd9e$0$13353$...
    > Hi,
    >
    > I am interested in blocking a small number of URLs from passing through

    our
    > PIX 506e firewall. The only solution seems to be to subscribe to a 3rd
    > party service such as 'Websense' or N2Hs, which cost $1,000 PA plus - way
    > beyond the scope of a small company.
    >
    > Does anyone know of a way of using a simple lookup list to block a few

    URLs,
    > please? Thanks.
    >
    > S. Brabbins
    >
    >


    Not with the pix, I would look into other products if you need a small
    firewall with internal URL blocking capabilities at the moment, if you have
    an internal forwarding DNS(localhosts pointing to it) you can always create
    static records pointing the A records to an internal company website with a
    warning, then preventing DNS outbound from your local workstations
    (preventing alternate DNS use) If you have a Windows or Linux Server it is a
    trivial thing to make it a forwarding DNS server+homegrown blacklist.

    Another method is blocking the websites via ACL , ping the url's and block
    the networks/hosts using an outbound ACL.

    Use some creativity in your job. :)
     
    Hugo Drax, Dec 16, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dhruv

    stealth-blocking, isp blocking website

    Dhruv, Oct 25, 2004, in forum: Computer Security
    Replies:
    9
    Views:
    3,138
  2. Michiel
    Replies:
    4
    Views:
    4,737
    Michiel
    Aug 22, 2006
  3. Michiel
    Replies:
    2
    Views:
    975
    Michiel
    Aug 22, 2006
  4. Michiel
    Replies:
    19
    Views:
    1,228
    Michiel
    Aug 24, 2006
  5. Replies:
    1
    Views:
    359
    Walter Roberson
    Dec 2, 2006
Loading...

Share This Page