Blocking specified websites through Cisco IOS on ADSL router

Posted on 2007-12-05
Last Modified: 2008-02-01

One of our clients has the problem of its staff spending a lot of time on MySpace, Facebook etc.

They don't have any content filtering, pretty much an open gateway to the net through a Cisco 857 ADSL Router.

I've done a fair bit of research trying to get the router to block traffic to those particular sites.

I began trying to block the sites by name, but for whatever reason, I can't resolve external host names, even though I have DNS servers listed - it doesn't seem to query the DNS servers.

That's fine though... in the short term, I just want to block these sites any way I can.

I'm no ACL expert, but I tried the below:

interface Dialer0
 ip access-group block-web out

ip access-list extended block-web
 remark Block specified websites
 remark SDM_ACL Category=1
 permit tcp any any
 deny   tcp any eq www eq www

The network is the one the MySpace servers appear to be on.

When I apply this though, ALL web access is blocked. I've tried swapping the permit & deny lines around too with no joy. There is no other ACL on outbound traffic.

Any ideas on what I'm doing wrong?

Ultimately, the DNS approach would be best, but for whatever reason, that doesn't seem to be happening...

Thanks in advance!
Question by: slamit

Accepted Solution

batry_boy earned 500 total points
ID: 20417070
Try making the access list look like the following:

ip access-list extended block-web
 remark Block specified websites
 remark SDM_ACL Category=1
 deny   tcp any eq www
 permit ip any any

See if that helps...
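
Added example, not part of the original thread: a small Python model of how IOS walks an extended ACL (top-down, first match wins, implicit deny at the end), applied to the two rule orders above. The 203.0.113.0/24 network, the sample packets and the `evaluate` helper are constructed for illustration, since the real addresses do not appear on the page.

```python
import ipaddress

# Constructed stand-in for the site's network: the real addresses are not on the page.
BLOCKED_NET = ipaddress.ip_network("203.0.113.0/24")  # RFC 5737 documentation range
ANY = ipaddress.ip_network("0.0.0.0/0")

# Each entry: (action, protocol, source net, destination net, destination port or None)
ORIGINAL_ACL = [
    ("permit", "tcp", ANY, ANY, None),
    ("deny", "tcp", ANY, BLOCKED_NET, 80),
]
FIXED_ACL = [
    ("deny", "tcp", ANY, BLOCKED_NET, 80),
    ("permit", "ip", ANY, ANY, None),
]


def evaluate(acl, proto, src, dst, dport):
    """Return (action, matched line number); line 0 means the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for lineno, (action, ace_proto, src_net, dst_net, ace_port) in enumerate(acl, 1):
        if ace_proto not in ("ip", proto):   # "ip" matches every IP protocol
            continue
        if src not in src_net or dst not in dst_net:
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action, lineno                # first match wins, later lines are ignored
    return "deny", 0                         # implicit "deny ip any any" ends every ACL


# Constructed sample packets leaving the LAN through Dialer0
PACKETS = {
    "HTTP to blocked site": ("tcp", "192.168.1.10", "203.0.113.5", 80),
    "HTTP to other site": ("tcp", "192.168.1.10", "198.51.100.7", 80),
    "DNS lookup (UDP/53)": ("udp", "192.168.1.10", "198.51.100.53", 53),
}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        for label, pkt in PACKETS.items():
            print(f"{name:8} {label:22} -> {evaluate(acl, *pkt)}")
```

In this model the original order never reaches the deny line, and non-TCP traffic such as client DNS lookups falls through to the implicit deny; with the accepted order only port 80 to the listed network is dropped.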

Expert Comment

ID: 20417074
BTW, you won't be able to use the DNS method on a router because the router cannot reference an FQDN as part of an access list. It's a bummer, I know, because I would love to be able to do this and have tried myself.

Author Comment

ID: 20417092
Awesome, thanks so much!! :)

Expert Comment

ID: 20417135
You're welcome!
