Using NBAR to match web traffic

Although NBAR is an extremely powerful tool in Cisco IOS, many people still don't know how to use the match statements correctly.
You can use NBAR to block almost any part of a website or its content. It is most useful for blocking bandwidth-hungry websites that contain pictures, videos, music or even Flash.

The match protocol http function is what you will need to use.
Firstly, to match just the hostname of the website:

match protocol http host *facebook.com*
! This would match any hostname containing the string
! 'facebook.com' like http://www.facebook.com
! or http://login.facebook.com
!
match protocol http host *google*
! This would match any hostname containing the word google
! like http://mail.google.com or http://www.google.co.za
! or http://images.google.com
!
match protocol http host google*
! This would match http://google.co.za but
! not http://mail.google.com
!
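To preview which Host values a pattern will catch before applying it, the three patterns above can be run against a list of hostnames. This is an added example, not code from the original post or from Cisco: it assumes only the `*` wildcard is special, meaning "zero or more characters", matched against the whole Host value, and the sample hostnames are constructed.

```python
import re

# The three host patterns from the match statements above.
PATTERNS = ["*facebook.com*", "*google*", "google*"]

# Constructed sample Host values, not taken from real traffic.
SAMPLE_HOSTS = [
    "www.facebook.com",
    "login.facebook.com",
    "facebook.com.example.net",   # unrelated domain that contains the string
    "mail.google.com",
    "www.google.co.za",
    "images.google.com",
    "google.co.za",
    "googleusercontent.example",  # starts with 'google' but is another name
    "www.example.org",
]


def pattern_to_regex(pattern):
    """Translate a host pattern into an anchored regular expression.

    Assumption for this example: '*' is the only special character and
    stands for zero or more characters; everything else is literal.
    """
    literals = [re.escape(part) for part in pattern.split("*")]
    return re.compile("^" + ".*".join(literals) + "$")


def host_matches(pattern, host):
    """Return True if the whole Host value satisfies the pattern."""
    return pattern_to_regex(pattern).match(host) is not None


def audit(pattern, hosts):
    """Return the hosts a pattern would classify, in input order."""
    return [h for h in hosts if host_matches(pattern, h)]


if __name__ == "__main__":
    for p in PATTERNS:
        print(p)
        for h in audit(p, SAMPLE_HOSTS):
            print("   matches", h)
```

Because the leading and trailing `*` make the match a plain substring test, hostnames such as facebook.com.example.net are classified too, so review the output for overblocking before attaching the class to a policy.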

Secondly, to match certain URL strings:
