Using Cisco NBAR for blocking PORN or XXX or Specific URL string
Posted by a. Rahman Isnaini r. Sutan on June 6th, 2008
Tired of it and want to block everything related to the "pictures below" from being reached from your LAN, or want to save your "soap" from being used up by single (not yet married) men?
Steps to configure Cisco IOS NBAR with wildcard URL matching (from an old note):
1. Configure a class map that matches the string anywhere in the URL
class-map match-any ADULT-URL
match protocol http url "*porn*"
match protocol http url "*porn"
match protocol http url "porn*"
match protocol http url "*xxx*"
match protocol http url "xxx*"
match protocol http url "*xxx"
Add whatever other URL strings you want blocked to the list in the same way. Two things to know about these patterns: "*" matches any run of characters, so "*porn*" already covers "*porn" and "porn*" and the extra variants are redundant; and "match protocol http url" only inspects the part of the request after the host name, so a keyword that appears only in the site's host name needs a separate "match protocol http host" line. NBAR classifies plain HTTP only; it cannot see inside HTTPS.
2. Configure a policy map that marks the ADULT-URL class with a DSCP value
policy-map FILTER-ADULT
class ADULT-URL
set ip dscp 5
3. Create an access list that matches the marked traffic (DSCP 5); the route-map in the next step uses it to send those packets to Null0. Only the permit entry is policy-routed; the explicit deny just mirrors the implicit deny at the end of the list.
access-list 150 permit ip any any dscp 5
access-list 150 deny ip any any
4. Configure a route-map that sends traffic matching the access list to Null0
route-map DENY-ADULT permit 10
match ip address 150
set interface Null0
5. Apply the service policy and the route-map inbound on the LAN (sub)interface whose users should be restricted. NBAR requires CEF, so "ip cef" must be enabled globally.
interface FastEthernet0/0.6
description LAN-ADULT-SITE-RESTRICTED
ip policy route-map DENY-ADULT
service-policy input FILTER-ADULT
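A tightened version of steps 1 to 5, added here as an example rather than taken from the post: each keyword is matched against both the host name and the URL path, the class is dropped directly in the policy map instead of being marked and policy-routed to Null0, and the show commands at the end are the check to run when traffic still gets through. It assumes an IOS release with the MQC "drop" action (12.2(13)T and later) and reuses the post's interface name FastEthernet0/0.6.

```cisco
! Added example, not the original post's configuration.
! Assumptions: IOS with MQC "drop" support (12.2(13)T or later), CEF
! enabled, FastEthernet0/0.6 as the LAN sub-interface (the post's name).
ip cef
!
! One pattern per keyword is enough: "*" matches any run of characters.
! "url" only inspects the part of the request after the host name, so
! each keyword is also checked against the Host header with "host".
class-map match-any ADULT-URL
 match protocol http host "*porn*"
 match protocol http url "*porn*"
 match protocol http host "*xxx*"
 match protocol http url "*xxx*"
!
! Drop the class directly. The post's mark-DSCP-then-PBR-to-Null0 chain
! works too; this needs no ACL or route-map.
policy-map FILTER-ADULT
 class ADULT-URL
  drop
!
interface FastEthernet0/0.6
 description LAN-ADULT-SITE-RESTRICTED
 service-policy input FILTER-ADULT
!
! Verification (exec mode): the ADULT-URL class counters must increment
! while a LAN client fetches a matching URL over plain HTTP.
! show policy-map interface FastEthernet0/0.6
! show class-map ADULT-URL
! show ip nbar version
```

If the class counters in "show policy-map interface" stay at zero, the problem is classification, not the drop or route-map: CEF is off, the request is HTTPS, or the keyword only appears in the host name and there is no "host" match line. For the post's own variant, "show route-map DENY-ADULT" shows how many packets were policy-routed to Null0.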
More patterns (NBAR wildcards, not regular expressions; "*" matches any sequence of characters):
class-map match-any BLOCK-URL
match protocol http url "*lapotuak*"
match protocol http url "*adadeh-ffi*"
match protocol http url "*faithfreedom*"
match protocol http url "*lapo*tuak*"
match protocol http url "*komiknabimuhammad*"
match protocol http url "*komikmuhammad*"
match protocol http url "*komik*muhammad*"
match protocol http url "*Azl.jpg*"
match protocol http host "*faithfreedom*"
match protocol http url "*AlAzl2.jpg*"
match protocol http url "*AlAzl3.jpg*"
match protocol http url "*Draw Mohammed*"
match protocol http url "*Draw*Mohammed*"
Note that "*Draw Mohammed*" contains a literal space, while browsers send a space in a URL as "%20" (or "+"), so that line only matches a request that really carries a raw space; "*Draw*Mohammed*" covers both forms.
On Mikrotik (the author's label; the rules below are Linux iptables string-match rules. Each one scans the first 65535 bytes of every forwarded packet's payload for the string, case-sensitively unless "--icase" is added, and because there is no "-p tcp --dport 80" restriction it also fires on any other traffic that happens to carry the string):
iptables -A FORWARD -m string --string "komikmuhammad" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string "komiknabimuhammad" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string "Draw-Mohammed" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string "faithfreedom" --algo bm --to 65535 -j DROP
iptables -A FORWARD -m string --string "Draw Mohammed" --algo bm --to 65535 -j DROP
by: Cak Jami
a. rahman isnaini r.sutan




July 29th, 2008 at 8:30 am
Hi! Nice site!
July 30th, 2008 at 1:41 am
Hi Nick,
Thanks,…
July 30th, 2008 at 4:05 am
You're really good at this, bro... what do you eat for breakfast every morning? :)))
July 30th, 2008 at 8:11 am
Oh come on, Yud..
Sometimes Indomie fried noodles, sometimes Sari Roti, sometimes I don't eat at all..
August 20th, 2008 at 9:28 am
[...] Cisco NBAR block PORN or XXX or Specific URL string [...]
September 18th, 2008 at 12:05 pm
Doesn't seem to be working for me, I get hit counts on the ACL but all traffic still goes through
October 14th, 2008 at 1:37 am
I don't have any idea what the relation between soap and a single man is (stupid mode = on)
October 14th, 2008 at 4:19 am
Shabbar, your IOS version please?
Soap Man, really?
November 20th, 2009 at 4:20 pm
[...] Cisco NBAR to Block Regular Expression [Regexp] [...]
June 15th, 2010 at 9:27 pm
That rss alternative on your internet site here is impressive, you should tell persons about it as part of your next publish. I hadn't noticed it for the very first couple of times, now I'm making use of it each morning to check on any updates. I'm on a really slow dial-up connection in Kentucky and it's pretty baffling to sit there and wait for such a long time 'til the page loads... but hey, I just found your rss page and added it to Google Reader and voilà, I'm always up-to-date! Well pal, keep up the very good work and make that rss button a little bigger so that other people can appreciate it as well
July 15th, 2010 at 1:41 am
'save "Soap" for not married/single man yet', what is that supposed to mean, hahahaha... laughing my head off, man :))
July 22nd, 2010 at 11:02 am
'Ad, what that means is... the ones who aren't married yet just use up all the soap...