how to block a website through my router

Hi, I have a cisco router 871, I was wondering if I can block a website through my router..

Thank you
modezaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

FOXActive Directory/Exchange EngineerCommented:
0
JustInCaseCommented:
If you want to block access to some website (if I understood question), you first need to find IP address(es) of site (nslookup, wireshark or any other way).

cmd
nsloookup

www.somewebsite.com

Non-authoritative answer:
Name:    www.website.com
Address:  a.x.y.z

access-list 111 deny any a.x.y.z      <-----  create ACL to block access

interface fa4  <--- WAN port
ip access-group 111 out   <--- apply it to WAN interface in OUT direction

Some locations are easy to block, while others... not so easy

PS
You can also do the same for specific VLANs (so you don't need to do it on WAN at all), if you want just to filter traffic from specific VLANs. The only difference would be that you need to assign filtering in IN direction.
interface vlan 10
ip access-group 111 in
This would filter traffic to specific location only for VLAN 10.

You can also block also just specific ports (like )80 & 443 if you want by creating ACL differently.
0
modezaAuthor Commented:
Actually the site I need to block is https://web.whatsapp.com/

I ran the nslookup command .. it gave me 31.13.66.49
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

akahanCommented:
Blocking that IP won't block web.whatsapp.com .  It has many different IP addresses.  you won't be able to block it by blocking the numeric IP address.
1
JustInCaseCommented:
Yap, whatsappp.com uses many IP addresses, ip address that you found in nslookup is not even listed in article and there could be many more IPs in use
HOWTO blocking WhatsApp

You can try to block ports used by whatsapp.com listed in article - 5222 5223 5228 5060 5064.

access-list 111 deny tcp any any eq 5222
access-list 111 deny tcp any any eq 5223
access-list 111 deny tcp any any eq 5228
access-list 111 deny tcp any any eq 5060
access-list 111 deny tcp any any eq 5064
access-list 111 deny udp any any eq 5222
access-list 111 deny udp any any eq 5223
access-list 111 deny udp any any eq 5228
access-list 111 deny udp any any eq 5060
access-list 111 deny udp any any eq 5064
access-list 111 permit ip any any

interface fa4
ip access-group 111 out

If it does not work its job (or it works OK but create problems with some other applications that need those ports), you can remove it using commands

no access-list 111

interface fa4
no ip access-group 111 out
0
modezaAuthor Commented:
Hi experts.. I added those lines and my internet connection went down completely :(

Thank you!
0
JustInCaseCommented:
Internet can went down if you forget to add permit any any at the end
access-list 111 permit ip any any
If there is no that command at the end than it is implicated command
access-list 111 deny any any
at the end :)
I issued to my router this  ACL and everything still works.
C881(config)#access-list 111 deny tcp any any eq 5222
C881(config)#access-list 111 deny tcp any any eq 5223
C881(config)#access-list 111 deny tcp any any eq 5228
C881(config)#access-list 111 deny tcp any any eq 5060
C881(config)#access-list 111 deny tcp any any eq 5064
C881(config)#access-list 111 deny udp any any eq 5222
C881(config)#access-list 111 deny udp any any eq 5223
C881(config)#access-list 111 deny udp any any eq 5228
C881(config)#access-list 111 deny udp any any eq 5060
C881(config)#access-list 111 deny udp any any eq 5064
C881(config)#access-list 111 permit ip any any
C881(config)#
C881(config)#int fa4
C881(config-if)#ip access-group 111 out

Open in new window

:)

To check is it really active and OK
C881#sh access-lists 111
Extended IP access list 111
    10 deny tcp any any eq 5222
    20 deny tcp any any eq 5223
    30 deny tcp any any eq 5228
    40 deny tcp any any eq 5060
    50 deny tcp any any eq 5064
    60 deny udp any any eq 5222
    70 deny udp any any eq 5223
    80 deny udp any any eq 5228
    90 deny udp any any eq 5060
    100 deny udp any any eq 5064
    110 permit ip any any (14586 matches)

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
modezaAuthor Commented:
Thank you!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.