Ethernet Switches & Routers

New Contributor
Posts: 2
Registered: ‎11-02-2013

How can I block access to specific websites on MLXe,netiron family?

I was given a list of URLs to be blocked (not to be accessed from our clients since the MLXe is used as the main device in the ISP I'm working) but I'm finding it a bit difficult since I'm in the beginning of working with Brocade devices. I would really appreciate some help and maybe an example of blocking a specific URL. Connection to the clients is reached through BGP. Thanks in advance.
Occasional Contributor
Posts: 16
Registered: ‎11-01-2013

Re: How can I block access to specific websites on MLXe,netiron family?

Hello there,

Your question is rather loaded and thus difficult to respond to accurately.

Are you looking to block specific hosts (xxx.xxx.xxx.xxx)? Are you looking to block http access to specific websites?

There are solutions out there to help with site access, like the honeypot project (https://www.projecthoneypot.org/) or bogon route filtering (http://www.team-cymru.org/Services/Bogons/bgp.html). You can also just use a simple access-list on an interface to deny access from a specific network (yours) to a specific subnet range or host. Though I typically don't recommend this type of filtering at your edge.

What are you trying to accomplish?

New Contributor
Posts: 2
Registered: ‎11-02-2013

Re: How can I block access to specific websites on MLXe,netiron family?

I'm actually looking to block http access to specific websites and I need to do it on the Brocade MLXe-8. Since there are a bit too many to block, I was looking for a way to block based on URLs (like 4000 URLs to block).

Occasional Contributor
Posts: 16
Registered: ‎11-01-2013

Re: How can I block access to specific websites on MLXe,netiron family?

Whoa.... at 4000 URLs you are definitely outside of what an edge router is meant to do (I'm assuming you are using the MLX as an edge device). I don't think Brocade routers support webtype ACLs a-la Cisco-magic. I do these types of filtering from a Vyatta or Fortinet product.

The MLXe is an awesome router! It is not a security appliance. If you are limited and are unable to insert any other solution, then the only thing that comes to mind is a lot of monotonous work.

Do a dig on every website

Grab the IP addresses that come

Null route each of them as a /32 - ip route evil.website.ip.address 255.255.255.255 Null0

.... and hope the website maintainers don't ever renumber!
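
The dig / collect / null-route procedure from the post above, as an added Python sketch that is not part of the original thread. The function names, the injectable `resolver` and the `installed` list are assumptions made for this example; the route line uses the form quoted in the post. Keep in mind that a /32 null route drops all traffic to that address, not only HTTP requests for the listed URL.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample answers (documentation addresses), standing in for dig output.
SAMPLE_DNS = {
    "bad.example": ["192.0.2.10", "192.0.2.11"],
    "worse.example": ["192.0.2.10"],
    "sink.example": ["127.0.0.1"],
}

def hostname_of(entry):
    """Host part of a blocklist entry, given as a full URL or a bare hostname."""
    entry = entry.strip()
    if "://" not in entry:
        entry = "//" + entry  # make urlsplit treat it as a network location
    return (urlsplit(entry).hostname or "").lower()

def resolve_ipv4(host):
    """Live resolver: IPv4 addresses from the system resolver, [] on failure."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def usable(addr):
    """Reject answers that must never become a null route (e.g. 127.0.0.1, 0.0.0.0)."""
    ip = ipaddress.ip_address(addr)
    return not (ip.is_loopback or ip.is_unspecified or ip.is_link_local or ip.is_multicast)

def plan_null_routes(entries, resolver=resolve_ipv4, installed=()):
    """Return (routes, shared, stale, unresolved) for a list of URLs or hostnames."""
    by_ip, unresolved = {}, []
    for host in sorted({hostname_of(e) for e in entries} - {""}):
        addrs = sorted({a for a in resolver(host) if usable(a)})
        if not addrs:
            unresolved.append(host)  # nothing to route; the site stays reachable
        for addr in addrs:
            by_ip.setdefault(addr, []).append(host)
    ordered = sorted(by_ip, key=ipaddress.ip_address)
    # Same command form as quoted in the thread, one /32 per address.
    routes = [f"ip route {ip} 255.255.255.255 Null0" for ip in ordered]
    # Several listed hosts on one address: a sign of shared hosting behind that IP.
    shared = {ip: hosts for ip, hosts in by_ip.items() if len(hosts) > 1}
    # Routes installed earlier whose address no longer appears: the site renumbered.
    stale = sorted(set(installed) - set(by_ip), key=ipaddress.ip_address)
    return routes, shared, stale, unresolved
```

Re-running the plan on a schedule with the currently installed addresses passed as `installed` surfaces the renumbering problem the post warns about, and the `shared` map is worth reviewing before pushing routes, since other sites on the same address are blocked too.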

New Contributor
Posts: 2
Registered: ‎11-06-2013

Re: How can I block access to specific websites on MLXe,netiron family?

Websense can give more flexibility in Real Time to manage all sorts of Internet access, including Real Time security and categorization.
