11-02-2013 02:53 AM - edited 11-02-2013 05:14 AM
11-04-2013 05:43 AM
Your question is rather loaded and thus difficult to respond to accurately.
Are you looking to block specific hosts (xxx.xxx.xxx.xxx)? Are you looking to block http access to specific websites?
There are solutions out there to help with site access, like the honeypot project (https://www.projecthoneypot.org/) or bogon route filtering (http://www.team-cymru.org/Services/Bogons/bgp.html). You can also just use a simple access-list on an interface to deny access from a specific network (yours) to a specific subnet range or host. Though I typically don't recommend this type of filtering at your edge.
What are you trying to accomplish?
11-04-2013 10:04 AM
I'm actually looking to block http access to specific websites and I need to do it on the Brocade MLXe-8. Since there are a bit too many to block, I was looking for a way to block based on URLs (like 4000 URLs to block).
11-04-2013 11:11 AM
Whoa.... at 4000 URLs you are definitely outside of what an edge router is meant to do (I'm assuming you are using the MLX as an edge device). I don't think Brocade routers support webtype ACLs a-la cisco-magic. I do these types of filtering from a Vyatta or Fortinet product.
The MLXe is an awesome router! It is not a security appliance. If you are limited and are unable to insert any other solution, then the only thing that comes to mind is a lot of monotonous work.
Do a dig on every website
Grab the IP addresses that come
Null route each of them as a /32 - ip route evil.website.ip.address 255.255.255.255 Null0
.... and hope the website maintainers don't ever renumber!
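The dig-and-null-route procedure from the post above, as an added example that is not part of the original thread. It parses `dig +noall +answer` output, emits one /32 route per unique address in the line format copied from the post as written, and reports the two failure modes of this approach: addresses shared by several names, and routes left stale after a site renumbers. The hostnames and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `dig +noall +answer <name> A` output (documentation addresses).
SAMPLE_DIG = """\
blocked-one.example.     300 IN A     192.0.2.10
blocked-one.example.     300 IN A     192.0.2.11
www.blocked-two.example. 60  IN CNAME edge.cdn.example.
edge.cdn.example.        60  IN A     198.51.100.7
blocked-three.example.   300 IN A     198.51.100.7
"""

def parse_answers(dig_text):
    """Map each IPv4 address to the set of record owner names that returned it."""
    owners = defaultdict(set)
    for line in dig_text.splitlines():
        fields = line.split()
        # Fields: name, ttl, class, type, rdata. Skip CNAMEs and malformed lines.
        if len(fields) != 5 or fields[2] != "IN" or fields[3] != "A":
            continue
        try:
            ip = ipaddress.IPv4Address(fields[4])
        except ipaddress.AddressValueError:
            continue
        owners[ip].add(fields[0].rstrip("."))
    return owners

def null_routes(owners):
    """One /32 null route per unique address, in the line format used in the post."""
    return [f"ip route {ip} 255.255.255.255 Null0" for ip in sorted(owners)]

def shared_addresses(owners):
    """Addresses answered for several names: a /32 there blocks every site on that host."""
    return {str(ip): sorted(names) for ip, names in owners.items() if len(names) > 1}

def stale_routes(previous_ips, owners):
    """Addresses routed on an earlier run that no longer resolve (the site renumbered)."""
    current = {str(ip) for ip in owners}
    return sorted(set(previous_ips) - current, key=ipaddress.IPv4Address)

if __name__ == "__main__":
    owners = parse_answers(SAMPLE_DIG)
    print("\n".join(null_routes(owners)))
    print("shared:", shared_addresses(owners))
    print("stale:", stale_routes(["192.0.2.10", "203.0.113.5"], owners))
```

Re-running the resolution on a schedule and comparing against the previous address set is what keeps the route list from drifting out of date.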
11-06-2013 12:13 PM
Websense can give more flexibility in Real Time to manage all sorts of Internet access, including Real Time security and categorization.