Use the Cisco IOS router to filter webpage content

Source: Internet
Author: User

Nowadays, filtering network content is not only an optional action for enterprises, but also an action that enterprises must take to prevent employees from making mistakes. In this article, the author David Davis will explain how the Cisco IOS router uses third-party services to implement Web content filtering.

To protect enterprise networks and end users from malicious or undesirable web content intrusion, we can use subscription-based Cisco IOS content filtering. This is the first time Cisco has incorporated the services provided by third-party companies such as SmartFilter (former N2H2 company) and Websense into IOS 12.2 (15) T. In IOS12.4 (15) XZ and 12.4 (20) T this year, Cisco IOS added Trend Micro (Trend) to its URL filtering service.

If you want to use the above features, make sure that our router IOS supports this feature. With Cisco IOS Feature Navigator, we can verify that the software image used supports this Feature.

Of course, in addition to the appropriate IOS images, we must register services with these third-party companies to obtain their URL filtering services. Based on the Trend Micro wizard, we can register a Router to obtain the Trend Router Provisioning Server (TRPS ). For more information, see Prerequisites for Cisco subscribe-based IOS Content Filtering.

Why does it rely on URL filtering?

As a network administrator, we certainly do not want to spend a lot of time focusing on the Network Content browsed by users. The Internet filter service is a convenient function for this situation. In the past, when I deployed the Web page filtering service, I always liked to say to users who complained: "This is a Web filtering service, saying that your website is not allowed to be accessed. "

By deploying URL filtering, we can use services of third-party companies to filter malicious or inappropriate Internet traffic from end users. In addition to simply enabling or disabling the filter function, we can also open the content or site for specific websites and users.

The end user's URL request is associated with the Trend Router Provisioning Server (TRPS) to allow or deny user access based on our preset policies. When you type a URL, the Service performs a query based on the policy. If the policy permits, the user can continue to access the website. If the policy does not permit, the user will be blocked from accessing the URL.

Cisco filter options

Whitelist: (trust domain name list) allows you to set a specific domain name through a vro, such as

Blacklist: (non-trusted domain name list) specifies a specific domain name and cannot pass through the router. The setting information is displayed

By the server for later check. For example,

Blocking Keyword: Set the URL string or keyword used for filtering, such as * www. parrot. * or * rockbaby *. In this way, once "rockbaby," appears in the URL, the router will block access

You do not need to go through the TRPS server.

Cache recent requests: This function saves the processing policies of recent access requests. Therefore, there is no need to let the user pass the TRPS process every time a request is sent.

Group Buffer: This function allows you to store URL information while waiting for the query process to complete. This is a powerful function that can prevent router overload caused by excessive HTTP requests. The default Response count is 200, but can be modified. This function also applies to third-party filter servers Websense and SmartFilter.

How do I configure Cisco IOS URL filtering?

To configure Cisco ios url filtering, we need to have a deep understanding of firewall rules and URL filtering principles. After we register with Trend Micro's filter system, follow these steps to set the Trend Micro URL filter service in Cisco IOS:

Configure Class Maps for local URL filtering

Configure Class Maps for Trend Micro URL filtering

Configure Parameter Maps for Trend Micro URL filtering

Configure a URL Filter Policy

Additional URL Filter Policy

For the IOS commands and configuration examples required to configure third-party URL Filtering, refer to the Cisco's subscribe-based IOS Content Filtering webpage.


By using the Cisco IOS filter to filter URLs, we can easily block malicious websites out of the enterprise network. For various types of enterprises, in order to protect their network security and maintain their work efficiency, the demand for Web content filtering is growing.

  1. Configure 16 permission levels for Cisco IOS
  2. You have mastered the usage of Cisco IOS test commands!

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.