Blocking Web Address using Access List

Status
Not open for further replies.

PaulHurst

IS-IT--Management
Jul 4, 2003
2
CA
I am new to our PIX Firewall and wish to block access to specific web sites, including launchcast and messenger.hotmail.com for example. Anyone have a suggestion as to the command to enable this?

Thank you
 
If you modify this with the website's IP addresses, this will block HTTP access to them.

access-list 103 deny tcp any host xxx.xxx.xxx.xxx eq 80
access-list 103 permit ip any any
access-group 103 in interface inside
 
I am concerned that the statement
access-list 103 permit ip any any

would remove the function of the PIX
 
This is for outbound only. It would block port 80 for the specific IP, but allow everything else. If the access-list was bound to the outside interface, then it would be for incoming.
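
The first-match behaviour discussed in the replies above, as an added example that is not part of the original thread: a small Python model of how access-list 103 is evaluated, including the implicit deny that applies once an ACL is bound to an interface. The address 192.0.2.10 is a constructed placeholder for xxx.xxx.xxx.xxx, and `parse_acl` and `evaluate` are hypothetical helpers that handle only the syntax used in this thread.

```python
import ipaddress

# ACL from the thread. 192.0.2.10 (documentation range) is a constructed
# placeholder standing in for xxx.xxx.xxx.xxx.
ACL_103 = """\
access-list 103 deny tcp any host 192.0.2.10 eq 80
access-list 103 permit ip any any
"""

def parse_acl(text):
    """Parse the subset of access-list syntax used in the thread (source 'any')."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        if tok[4] != "any":
            raise ValueError("only an 'any' source is handled: " + line)
        action, proto, rest = tok[2], tok[3], tok[5:]
        if rest[0] == "any":
            dst, rest = None, rest[1:]
        elif rest[0] == "host":
            dst, rest = ipaddress.ip_address(rest[1]), rest[2:]
        else:
            raise ValueError("unsupported destination: " + line)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, dst, port))
    return rules

def evaluate(rules, proto, dst_ip, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    dst_ip = ipaddress.ip_address(dst_ip)
    for action, r_proto, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if r_dst is not None and r_dst != dst_ip:
            continue
        if r_port is not None and r_port != dst_port:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    rules = parse_acl(ACL_103)
    for pkt in [("tcp", "192.0.2.10", 80), ("tcp", "192.0.2.10", 443),
                ("tcp", "198.51.100.7", 80)]:
        print(pkt, "->", evaluate(rules, *pkt))
```

Without the `permit ip any any` entry, every packet that is not the blocked host on port 80 would also be dropped by the implicit deny. The deny entry covers TCP port 80 only, so other ports on the same host still match the permit.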
 
Hi.

The PIX can only block/permit by IP addresses and port numbers.

For more granular enforcement of outbound policy, you will need a 3rd party product that can work as a proxy server, or as a URL filter (like N2H2 or Websense).

You can build a low cost solution with:
Linux - OS
SQUID proxy - cache engine
DansGuardian - content filter
webmin - administrator interface

Bye


Yizhar Hurwitz
 