Filtering URLs in Cisco Content Engines (Caching Only)

Document ID: 12573

Updated: Oct 08, 2006



This document shows how to configure the Cisco Cache and Content Engines in order to filter URLs with Cisco Cache and Content Software, Releases 2.3.0 through 5.x.



There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Block Access to Sites

This is an add-on for the configuration of the URL-filter feature on the Cache Engine. You can block access to sites with the command url-filter bad-sites-block (version 2.x - 4.x) or the command url-filter http bad-sites-deny (version 5.x), and then list these URLs in a badurl.lst file.

You can also enable access to good sites. The command url-filter good-sites-allow (version 2.x - 4.x) or the command url-filter http good-sites-allow (version 5.x) is configured the same way, but blocks all URLs except the ones listed in a goodurl.lst file. The two features cannot coexist.

  1. Create a badurl.lst that contains the list of sites you wish to block. You can also create an optional block.html that contains an HTML text message to send back to the client in order to inform the client that a URL has been blocked.

    In this example (version 2.3), the badurl.lst and block.html files were created with an ASCII editor (Notepad or vi) and placed in the /local/etc directory. The files were transferred from a workstation with FTP binary transfer mode.

    cache#cd /local/etc
      size      date          time        name           LongName
      -----     --------      --------    ----------     ---------
        512     Mar-24-2000   13:07:48    .              .
        512     Apr-09-2000   18:12:44    ..             ..
      96020     Mar-24-2000   13:08:04    EVENTS.DAT     events.dat
        512     Mar-24-2000   13:13:24    TRANSLOG       translog
       5816     Mar-24-2000   13:13:24    FTPMIM~1.CON   ftp.mime.config
         62     Apr-09-2000   18:10:36    BADURL.LST     badurl.lst
        261     Apr-09-2000   17:34:38    BLOC~1.HTM     block.html
       4 DIR(S),   4 FILE(S) 102159 bytes
       1986723840 bytes AVAILABLE ON VOLUME /c0t0d0s1
  2. Issue the type command in order to verify that all the files have been transferred. List sites you wish to block in the badurl.lst file, with the full URL syntax (such as The Cache Engine automatically skips all site subtrees.

    cache#type badurl.lst
  3. The custom message is optional.

    cache#type block.html
    URL Blocked
    The site you are trying to view is blocked.
    Please contact your system administrator if
    you need to unblock this site.
  4. Issue the url-filter bad-sites-block command in order to activate the feature in the Cache Engine.

    (version 2.x) cache(config)# url-filter bad-sites-block
    (version 4.x) cache(config)# url-filter bad-sites-deny /local1/badlist.lst
    (version 4.x) cache(config)# url-filter bad-sites-deny enable
    (version 5.x) cache(config)# url-filter http bad-sites-deny file /local1/etc/badurl.lst
    (version 5.x) cache(config)# url-filter http bad-sites-deny enable
    cache(config)# exit
    cache# wr mem
    Building configuration.... . [OK]
  5. The show url-filter command shows that the feature is functional.

    version 2.x
        cache# show url-filter
        Block Bad sites from /local/etc/badurl.lst URL list
        Display customized URL blocking message from /local/etc/block.html file.
    version 4.x and 5.x
        cache# sh url-filter 
        URL filtering is set to use bad-list
        Local list configurations
        Good-list file name : 
        Bad-list file name : /local1/badlist.lst
        Custom message directory : 
        Websense server configuration
        Websense server IP     : <none>
        Websense server port   : 15868
        Websense server timeout: 20 (in seconds)
        Websense allow mode is ENABLED 
        N2H2 server configuration
        N2H2 server IP       : <none>
        N2H2 server port     : 4005
        N2H2 server timeout  : 5 (in seconds)
        N2H2 allow mode is ENABLED 
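
The badurl.lst from step 1 can be checked on the workstation before the FTP transfer. The following Python sketch is an added example, not part of the original Cisco document; the one-URL-per-line layout, the accepted schemes, and the name lint_url_list are assumptions, and the sample host names are constructed.

```python
from urllib.parse import urlsplit

# Assumptions (not from the original page): one URL per line, and these schemes.
ALLOWED_SCHEMES = {"http", "https", "ftp"}

# Constructed sample list; all host names are placeholders.
SAMPLE = (
    "http://www.example.com/\n"
    "www.example.net\n"
    "http://WWW.EXAMPLE.COM\n"
    "http://blocked.example.org/games/\r\n"
    "\n"
    "http://bad host.example/\n"
)


def lint_url_list(text):
    """Return (entries, problems); problems are (line number, message) pairs."""
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.split("\n"), start=1):
        if raw.endswith("\r"):
            # Notepad writes CRLF and binary-mode FTP transfers it unchanged.
            problems.append((lineno, "trailing CR"))
        entry = raw.strip()
        if not entry:
            continue
        if not entry.isascii() or any(c.isspace() for c in entry):
            problems.append((lineno, "non-ASCII or embedded whitespace"))
            continue
        try:
            parts = urlsplit(entry)
            # Host names are case-insensitive, so compare them lowercased.
            key = (parts.scheme.lower(), (parts.hostname or "").lower(),
                   parts.port, parts.path.rstrip("/"))
        except ValueError:  # malformed port or bracketed host
            key = None
        if key is None or key[0] not in ALLOWED_SCHEMES or not key[1]:
            problems.append((lineno, "not a full URL"))
            continue
        if key in seen:
            problems.append((lineno, "duplicate entry"))
            continue
        seen.add(key)
        entries.append(entry)
    return entries, problems


if __name__ == "__main__":
    for lineno, message in lint_url_list(SAMPLE)[1]:
        print(f"line {lineno}: {message}")
```

Entries reported as "not a full URL" lack the scheme and host that step 2 asks for; a "trailing CR" report does not drop the entry, it only flags the line ending.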

