These commands are used to configure the Cisco IOS router to filter HTTP requests through Websense Filtering Service. These configuration settings can be saved into the startup configuration. See Step 8 in the preceding procedure for instructions.
This global command turns on HTTP filtering. The urlfilter value associates URL filtering with HTTP inspection rules. You may configure two or more inspections in a router, but the URL filtering feature only works with those inspections in which the urlfilter field is enabled. This setup command is required.
This setup command is required to identify Filtering Service to the Cisco IOS router and configure additional values. When using this command, the Cisco IOS router checks for a primary Filtering Service—one that is active and being sent URL lookup requests. If a primary server is configured, the router marks the server being added as a secondary server.
The Filtering Service port (referred to as the integration communication port) you entered during Websense installation.
How many times the router retransmits an HTTP request when there is no response from Filtering Service.
This message is logged for each URL requested that is blocked by Websense software. The message includes the blocked URL, the source IP address/port number, and the destination IP address/port number. Long URLs are truncated to 300 bytes and then logged.
This command is used to control the logging of system messages to Filtering Service and is disabled by default. To allow logging (and consequently reporting) of Internet activity on your system, you must enable this feature.
When logging is enabled, the Cisco IOS router sends a log request immediately after the URL lookup request. The log message contains information such as the URL, host name, source IP address, and destination IP address.
This optional command is used to add a domain to, or remove a domain from, the exclusive domain list. Cisco IOS router URL filtering allows you to specify a list of domain names for which the router does not send lookup requests to Websense Filtering Service.
The permit flag permits all traffic to <domain-name>. The deny flag blocks all traffic to <domain-name>.
For example, if www.yahoo.com is added to the exclusive domain list, all HTTP traffic whose URLs are part of this domain (such as www.yahoo.com/mail/index.html, www.yahoo.com/news, and www.yahoo.com/sports) is permitted without sending a lookup request to Filtering Service.
You may also specify a partial domain name. For example, you can enter .cisco.com instead of the complete domain name. All URLs with a domain name ending with this partial name (such as www.cisco.com/products, www.cisco.com/eng, people-india.cisco.com/index.html, and directory.cisco.com) are permitted or denied without having to send a lookup request to Filtering Service. When using partial domain names, always start the name with a dot (i.e., period).
Use the no form of this command (i.e., add the keyword no to the beginning) to undo permitting or blocking of a domain name. The permitting or blocking of a domain name stays in effect until the domain name is removed from the exclusive list. Using the no form of this command removes the specified domain name from the exclusive list. For example, to stop the automatic permitting of traffic (and send lookup requests to Filtering Service) to www.example.com:
This command controls the default filtering policy if Filtering Service is down. If the allowmode flag is set to on, and the Cisco IOS router cannot find a Filtering Service, all HTTP requests are permitted.
If allowmode is set to off, all HTTP requests are blocked when Filtering Service becomes unavailable. The default for allowmode is off.
Use this optional command to configure the maximum number of HTTP responses that the Cisco IOS router can store in its packet buffer.
Use this optional command to set the maximum number of outstanding requests that can exist at a given time. When this number is exceeded, subsequent requests are dropped. The allowmode flag is not considered in this case because it is only used when Filtering Service is down.
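The decision order described above (exclusive domain list, then allowmode when Filtering Service is down, then the outstanding-request limit) can be checked with a small model. This is an added example, not Cisco IOS or Websense code; the class name, field names, the limit of 1000 and the sample hosts are assumptions made for illustration.

```python
# Illustrative model of the filtering decisions described on this page.
# Not router code: names and the max_request value are assumptions.
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class UrlFilterModel:
    exclusive: dict = field(default_factory=dict)  # entry -> "permit" | "deny"
    allowmode: bool = False   # the page states the default is off
    max_request: int = 1000   # constructed value for the example
    service_up: bool = True   # is Filtering Service reachable?
    outstanding: int = 0      # lookup requests currently awaiting a reply

    def match_exclusive(self, host):
        """Return "permit"/"deny" if host is on the exclusive list, else None."""
        host = host.lower().rstrip(".")
        for entry, action in self.exclusive.items():
            entry = entry.lower()
            if entry.startswith("."):
                # Partial name: the leading dot anchors the match on a label
                # boundary, so ".cisco.com" does not match "notcisco.com".
                if host.endswith(entry):
                    return action
            elif host == entry:
                # Complete domain name: exact host match only.
                return action
        return None

    def decide(self, url):
        host = urlsplit(url).hostname or ""
        action = self.match_exclusive(host)
        if action:
            # Exclusive entries are applied without any lookup request,
            # so they keep working while Filtering Service is down.
            return f"{action} (exclusive list, no lookup)"
        if not self.service_up:
            # allowmode is consulted only when Filtering Service is down.
            if self.allowmode:
                return "permit (allowmode on)"
            return "block (allowmode off)"
        if self.outstanding >= self.max_request:
            # One more request would exceed the limit; allowmode is ignored.
            return "drop (max outstanding requests exceeded)"
        return "lookup (sent to Filtering Service)"
```

Because exclusive-list permits bypass Filtering Service entirely, they also bypass its logging and reporting, so a broad partial name such as a whole second-level domain deserves review before it is added.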