Url Blacklisting Support - Cisco ASR 5000 series Product Overview
Hide thumbs
Also See for ASR 5000 series:
- Administration manual (509 pages) ,
- Installation manual (317 pages) ,
- Thresholding configuration manual (163 pages)
Table of Contents
Advertisement
Content Filtering Support Overview
URL Blacklisting Support
In the URL Blacklisting solution, a blacklist is a list of known URLs/URIs, which for some reason are being denied
recognition. The blacklist can be obtained from a known source such as the National Center for Missing & Exploited
Children (NCMEC, http://www. missing kids.com), or any other IP source. The blacklist is a clear text file, the file must
be named cumulative.csv, and must use the same format as the blacklist file from NCMEC. For more information on the
blacklist file, please contact your local service representative.
Unlike the Category-based Content Filtering solution, which categorizes URLs as per a static database and takes
different actions based on the different policies associated with subscribers, URL Blacklisting is applicable to all
subscribers associated with a blacklisting-enabled rulebase. The same blacklist database is used for all subscribers, and
for a specific URL, the same action is taken for all subscribers.
The blacklist file is downloaded and converted into a non human-readable optimized format (OPTBLDB) and then
made available in the system. Once in place, all HTTP and WAP requests from subscribers are inspected in order to
determine the requested destination URL/URI. If the URL/URI is not present in the blacklist then the request is passed
on as usual. If the URL/URI is present in the blacklist, the request is dropped, or the flow is redirected or terminated as
configured. There is no indication/messaging sent to the requesting subscribers that the requested HTTP/WAP
URL/URI was rejected due to a blacklist match.
The URL Blacklisting match-method can be configured to either be generic or to look for any URL/URI in its exact,
literal form.
The system generates usage/event data that can be utilized as the basis for blacklist reporting. The offline reports consist
of, at a minimum, a running total of the number of times a match was made against the blacklist without any
information regarding the specifics of the request.
The default/configured number of versions of the Blacklist database are maintained on the chassis (both the SPCs). This
enables reverting to a particular version if required.
The following figure shows the high-level URL Blacklisting architecture with ECS, and other components in a
deployment scenario.
OL-22938-02
URL Blacklisting Support ▀
Cisco ASR 5000 Series Product Overview ▄
Advertisement
Table of Contents
