URL / Web content filter

Similar Messages

• Web content filter and shockwave

  Hi! I am using in my organization Squid proxy with DansGuardian as web content filter. The problem that i'm facing is that when i visit a site that uses shockwave,i get the messagethat " the Xtra package failed to initialize.. ". This problem is brought up by using DansGuardian, because when i use squid everything works fine.
  With the previous version of shockwave i had added as exceptions in url and site lists the following paths and everything worked fine:
  adobe.com
  download.macromedia.com/pub/shockwave/cabs/director/sw.cab#version=8,5,0
  download.macromedia.com/pub/shockwave/cabs/director/sw.cab
  get.adobe.com/shockwave/

  Try Settings > Wifi > your checked network > HTTP Proxy: Off

• App store icon gone missing/Web Content Filter - Apple Configurator

  I am using Apple Configurator to manage the iPads at my school. I changed the settings on my school's profile, within Apple Configurator, so that the App store was not available. The App store icon disappeared and all was good. I decided to change the settings back, to allow the App store, saved the settings and refreshed a group of iPads. The App store icon is still missing and it doesn't appear that my new settings have been applied. I quit Configurator and tried again, but no success. I am running Configurator 1.5 and the ipads are running iOS 7.1.
  Also, I have unchecked the "Allow use of You Tube" button because I want You Tube disabled, but Configurator still allows the use of You Tube through Safari. Is there any way to disable the use of You Tube without using the ridiculous "Web Content Filter", that when activated, limits adult content (good), which seems to include a lot of valuable educational sites (bad)? To me the only other option available seems to be to tick "Specific Websites Only" and spend the next year typing in all the possible sites that might have educational merit, ergo, my use of the word 'ridiculous'. Is there something I am missing?

  Locate it in the Apps folder and drag it to the dock.

• Cannot get URL web part filter to pass Parameter to List web part

  How do I wire an out-of-the-box URL web part filter to a SharePoint 2013 list (or "app" as renamed in 2013) web part when the list has a parameter?
  My SharePoint list uses a parameter because it needs a Contains filter, as in
       <Where>
        <Contains>
         <FieldRef Name="MyFieldName"/>
         <Value Type="Note">{MyParam}</Value>
        </Contains>
       </Where>
  The ParameterBinding is defined simply.
  <ParameterBinding Name="CohortParam" DefaultValue=""/>
  It has had Location="None" in the past, but another forum entry that I read suggested removing that.
  When I add the list (or "app" in SharePoint 2013) to a web part page and also add a URL Filter web part, the URL filter cannot see the parameter. The menu chain Connection >> Send Filter Values To >> [My List web part name] shows
  the dialogue. On the "Choose Connection" tab, I choose "Get Parameter Values From". Clicking the "Configure" button results in the "Configure Connection" tab having the message "The Consumer Web Part did not
  provide schema information".

  Hi Randy,
  You need to change the "MyParam" to "CohortParam", for parameterbinding element we need to add the location attribute as below codeline, then when we use the QueryString "CohortParam" with value in url, it will directly
  filter the list web part items without adding URL Filter web part.
  <ParameterBinding Name="CohortParam" Location="QueryString(CohortParam)" DefaultValue=""/>
  I attached my resutls as below image (also "MyParam" can be changed to "CohortParam" if you want), you can take a look.
  Thanks,
  Daniel Yang
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Daniel Yang
  TechNet Community Support

• Web content filter not working on Mavericks clients PC

  Hi,
  I recently installed osx mavericks server on a Mac mini and successfully enrolled and tested profile pushes to iphone 4's and iPad 2's. Last night I tried an rolling a MacBook Pro running mavericks and it seems to work okay but the testing wasn't all that good. I can push changes to the dock for example and they work okay but when trying to push changes like not allowing game centre or enabling parental controls, the settings are saying they were successfully pushed but aren't working. I could still access the game centre and adult web content that I was trying to restrict.
  Any ideas? Has anyone's else had this problem and fixed it?

  This seems to also now be resolved, well at least I think so. I'm able to push update from the Mavericks server to an MBP including web restrictions and usable items in the System Preferences. I think it was initially it took a few minutes for the pushed settings to be effective. Maybe I was too impatient
  The thing with restricting Game Center was interesting. I thought it would have removed the icon/app link completely but it doesn't. All it seems to do is prevent users from logging in. The Sign In button is disabled.

• What's the best Web content filter for managing client's on our network

  We have a somewhat mini scale network. We have anywhere from 40 to 60 ranging from WLan and Lan devices. Right now we have been using opendns for content filtering but we would like to limit certain sites to just certain groups and if someone goes onto a site they shouldn't then what we would like to know is the IP of the user and there mac address If we could somehow find a captive portal software or hardware that would be perfect because it takes a lot of guess work out of things. We use Apple Wireless router's and run 2 server's one running Mac OSX Server 10.6.7 and a 2nd server running the same which act's as our OD replica
  So my question is what do you guys use?
  Were looking for the more user friendly the better and by that i mean I don't want to be using ww-rt on some router or something
  Thank you for your time.

  Johnny.Danger wrote:
  We have a somewhat mini scale network. We have anywhere from 40 to 60 ranging from WLan and Lan devices. Right now we have been using opendns for content filtering but we would like to limit certain sites to just certain groups and if someone goes onto a site they shouldn't then what we would like to know is the IP of the user and there mac address If we could somehow find a captive portal software or hardware that would be perfect because it takes a lot of guess work out of things. We use Apple Wireless router's and run 2 server's one running Mac OSX Server 10.6.7 and a 2nd server running the same which act's as our OD replica
  So my question is what do you guys use?
  Were looking for the more user friendly the better and by that i mean I don't want to be using ww-rt on some router or something
  Thank you for your time.
  Have a look at Vicomsoft and their Intergate Inspect package. This runs on a Mac server and lets you link to Open Directory for authenticating users and lets you set filtering for users or for groups of users. Sounds exactly what you want.
  See http://www.vicomsoft.com/products/filter/index.html

• Apple Configurator Web Content Filtering Question

  I manage a few K12 classroom sets of iPods via Apple Configurator and I have a younger classroom that wants to limit web access to a few sites and I have been trying to adjust the profile in Apple Configurator to make this happen but it doesn't work.
  I open the profile and go to the Web Content Filter option and add a payload to only allow specific websites and enter the URLs and apply the updated profile to the supervised device but I can still get anywhere I want in Safari. I have tried this process for an hour now to no avail and can't seem to find anything online.
  The only thing I can think of is that this option to limit to specific sites is only available to iOS 7(?). We own quite a few of the 4th generation iPod Touches that are obviously denied this upgrade and so am looking for any help or validation that this option in Apple Configurator is available only to iOS 7 supervised devices???
  Thanks.

  Here is my answer as per an email from Chris C. a Systems Engineer for Apple Education:
  That was a new feature added with Apple Configurator 1.4 and works with iOS 7 supervised devices. I will research this a bit more to see if there is a way around this to work with iOS 6 devices and will follow up with you shortly.
  I understand that you cannot always support "older" operating systems but am truly frustrated with Apple's lack of support on iOS 6 devices when this is what so many K12 schools will have...

• Configurator not saving changes (Web Content)

  Hi.
  I am new to configurator.
  I have applied a base profile (many different settings) together with a separate profile for restricted websites.
  The base filter's 'Web Content Filter' is not set.
  The 'TwinsWebFilter' only has one payload ...the Web Content Filter.
  I have two issues.
  1. I can limit to Specific Websites. I add http://www.bbc.co.uk to the list and apply. This seems to filter all sites except the BBC (good) AND Apple.com. It does not seem to block Apple.com even though it is not in the whitelist. How do I block it? How do I know what other sites have not been blocked?
  2. When I double click on the policy within the 'supervise' panel, it opens for editing. I click on the 'Web Content Fillter' and it shows that it is back to 'Limit Adult Content' ... even though I had saved it as specific websites only. When I choose the 'specific' option, I see the site (BBC) that I has already added. I am obviously concerned that when the iPad is refreshed next time, it will be refreshed to the 'adult' section without my knowing. Are there any other profile setting that may conflict with my choice of 'Specific sites only'?
  Thanks.

  HI Lee,
  I am facing the same issue.
  Were U able to resolve this Or any work around ?
  _vishal

• IOS web content filtering cannot get trend micro filter

  hi, i just wondering how really i can get my router's content filtering connect to trps.trendmicro.com server again. previously it was success to get connect to the server, after i doing some changes on my zone-pair firewall then it cannot connect to the trend micro server anymore.
  sh ip trm subscription status showing that i successfully connected and registerd
  all the installation guide is doing accordingly,then i turn on my debug crypto pli validation and debug ip trm detail, all showing success connection to trendmicro site.
  parameter-map type trend-global <param> are pointing to the trps.trendmicro.com, my class-map and policy-map didn't have any changes since last success connection.
  zone-pair setting also attach with the right policy-map that serve for service-policy urlfilter <name>
  overall, after my zone-pair firewall is UP again, then my web content filtering is gone, while registeration is made..
  anyone have any idea what really happen?
  thanks
  Noel

  Hi Yongkhang,
  I think in order to figure out what is happening, we need to troubleshoot and see the config, data and other show commands.  I'm not sure if you would feel comfortable posting that here.  Therefore, i think its best to open up a case with tac on it so that it can be troubleshot to see why you cant access the trend micro server.
  can you let me know what you mean by when you turn on your ZBF, your web content filtering is gone.  Are you saying, when you turn on zbf, the web content filtering is no longer blocking or allowing sites?
  have you ran the following debugs?
  debug ip urlfilter detail
  debug ip urlfilter event
  debug ip url filter function-trace
  also, what does this show:
  show policy-map type inspect zone-pair urlfilter
  Are you sure you have the class maps in the proper order since its processed sequentially..
  regards,
  scott

• Really Slow web surfing through ZBF with IOS Content filter

  Edited: attached partial output of "sh policy-map type inspect zone-pair urlfilter"   
  Hey, all
  We have a 1921 router with IOS Content filter subscribsion and it is also configured as ZBF running latest IOS v15.1. End-user keep complaining about slow web surfing. I connected to network and tested myself and found intermittent surfing experience.
  For example, access to www.ibm.com or www.cnn.com hangs 7 times of 10 attempts and maybe only loads reasonablly quick in 1-2 time of the 3. This also affects the speed of download from websites.
  I have the case openned with Cisco TAC and CCIE checked my configure but nothing caught his eyes...
  I decide to post the issue here in case we both missed something:
  Current configuration : 18977 bytes
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname abc_1921
  boot-start-marker
  boot system flash:/c1900-universalk9-mz.SPA.151-4.M4.bin
  boot-end-marker
  aaa new-model
  aaa authentication login default local
  aaa authentication login NONE_LOGIN none
  aaa authorization exec default local
  aaa session-id common
  clock timezone AST -4 0
  clock summer-time ADT recurring 3 Sun Mar 2:00 2 Sun Nov 2:00
  no ipv6 cef
  ip source-route
  ip auth-proxy max-login-attempts 5
  ip admission max-login-attempts 5
  ip cef
  ip dhcp excluded-address 192.168.1.1 192.168.1.9
  ip dhcp excluded-address 192.168.1.111 192.168.1.254
  ip dhcp pool DHCPPOOL
  import all
  network 192.168.1.0 255.255.255.0
  domain-name abc.local
  dns-server 192.168.10.200 192.168.10.202
  netbios-name-server 4.2.2.4
  default-router 192.168.1.150
  option 202 ip 192.168.1.218
  lease 8
  ip domain name abc.locol
  ip name-server 8.8.8.8
  ip name-server 4.2.2.2
  ip port-map user-port-1 port tcp 5080
  ip port-map user-port-2 port tcp 3389
  ip inspect log drop-pkt
  multilink bundle-name authenticated
  parameter-map type inspect global
  log dropped-packets enable
  parameter-map type urlfpolicy trend cprepdenyregex0
  allow-mode on
  block-page message "The website you have accessed is blocked as per corporate policy"
  parameter-map type urlf-glob cpaddbnwlocparapermit2
  pattern www.alc.ca
  pattern www.espn.com
  pattern www.bestcarriers.com
  pattern www.gulfpacificseafood.com
  pattern www.lafermeblackriver.ca
  pattern 69.156.240.29
  pattern www.tyson.com
  pattern www.citybrewery.com
  pattern www.canadianbusinessdirectory.ca
  pattern www.homedepot.ca
  pattern ai.fmcsa.dot.gov
  pattern www.mtq.gouv.qc.ca
  pattern licenseinfo.oregon.gov
  pattern www.summitfoods.com
  pattern www.marine-atlantic.ca
  pattern www.larway.com
  pattern www.rtlmotor.ca
  pattern *.abc.com
  pattern *.kijiji.ca
  pattern *.linkedin.com
  pattern *.skype.com
  pattern toronto.bluejays.mlb.com
  pattern *.gstatic.com
  parameter-map type urlf-glob cpaddbnwlocparadeny3
  pattern www.facebook.com
  pattern www.radiofreecolorado.net
  pattern facebook.com
  pattern worldofwarcraft.com
  pattern identityunknown.net
  pattern static.break.com
  pattern lyris01.media.com
  pattern www.saltofreight.com
  pattern reality-check.com
  pattern reality-check.ca
  parameter-map type ooo global
  tcp reassembly timeout 5
  tcp reassembly queue length 128
  tcp reassembly memory limit 8192
  parameter-map type trend-global global-param-map
  cache-size maximum-memory 5000
  crypto pki token default removal timeout 0
  crypto pki trustpoint Equifax_Secure_CA
  revocation-check none
  crypto pki trustpoint NetworkSolutions_CA
  revocation-check none
  crypto pki trustpoint trps1_server
  revocation-check none
  crypto pki trustpoint TP-self-signed-3538579429
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3538579429
  revocation-check none
  rsakeypair TP-self-signed-3538579429
  !! CERTIFICATE OMITED !!
  redundancy
  ip ssh version 2
  class-map type inspect match-any INCOMING_VPN_TRAFFIC_MAP
  match access-group name REMOTE_SITE_SUBNET
  class-map type inspect match-all PPTP_GRE_INSPECT_MAP
  match access-group name ALLOW_GRE
  class-map type inspect match-all INSPECT_SKINNY_MAP
  match protocol skinny
  class-map type inspect match-all INVALID_SOURCE_MAP
  match access-group name INVALID_SOURCE
  class-map type inspect match-all ALLOW_PING_MAP
  match protocol icmp
  class-map type urlfilter match-any cpaddbnwlocclasspermit2
  match  server-domain urlf-glob cpaddbnwlocparapermit2
  class-map type urlfilter match-any cpaddbnwlocclassdeny3
  match  server-domain urlf-glob cpaddbnwlocparadeny3
  class-map type urlfilter trend match-any cpcatdenyclass2
  class-map type inspect match-all cpinspectclass1
  match protocol http
  class-map type inspect match-any CUSTOMIZED_PROTOCOL_216
  match protocol citriximaclient
  match protocol ica
  match protocol http
  match protocol https
  class-map type inspect match-any INSPECT_SIP_MAP
  match protocol sip
  class-map type urlfilter trend match-any cptrendclasscatdeny1
  match  url category Abortion
  match  url category Activist-Groups
  match  url category Adult-Mature-Content
  match  url category Chat-Instant-Messaging
  match  url category Cult-Occult
  match  url category Cultural-Institutions
  match  url category Gambling
  match  url category Games
  match  url category Illegal-Drugs
  match  url category Illegal-Questionable
  match  url category Internet-Radio-and-TV
  match  url category Joke-Programs
  match  url category Military
  match  url category Nudity
  match  url category Pay-to-surf
  match  url category Peer-to-Peer
  match  url category Personals-Dating
  match  url category Pornography
  match  url category Proxy-Avoidance
  match  url category Sex-education
  match  url category Social-Networking
  match  url category Spam
  match  url category Tasteless
  match  url category Violence-hate-racism
  class-map type inspect match-any INSPECT_PROTOCOLS_MAP
  match protocol pptp
  match protocol dns
  match protocol ftp
  match protocol https
  match protocol imap
  match protocol pop3
  match protocol netshow
  match protocol shell
  match protocol realmedia
  match protocol rtsp
  match protocol smtp
  match protocol sql-net
  match protocol streamworks
  match protocol tftp
  match protocol vdolive
  match protocol tcp
  match protocol udp
  match protocol icmp
  class-map type urlfilter trend match-any cptrendclassrepdeny1
  match  url reputation ADWARE
  match  url reputation DIALER
  match  url reputation DISEASE-VECTOR
  match  url reputation HACKING
  match  url reputation PASSWORD-CRACKING-APPLICATIONS
  match  url reputation PHISHING
  match  url reputation POTENTIALLY-MALICIOUS-SOFTWARE
  match  url reputation SPYWARE
  match  url reputation VIRUS-ACCOMPLICE
  class-map type inspect match-all CUSTOMIZED_NAT_MAP_1
  match access-group name CUSTOMIZED_NAT_1
  match protocol user-port-1
  class-map type inspect match-all CUSTOMIZED_NAT_MAP_2
  match access-group name CUSTOMIZED_NAT_2
  match protocol user-port-2
  class-map type inspect match-any INSPECT_H323_MAP
  match protocol h323
  match protocol h323-nxg
  match protocol h323-annexe
  class-map type inspect match-all INSPECT_H225_MAP
  match protocol h225ras
  class-map type inspect match-all CUSTOMIZED_216_MAP
  match class-map CUSTOMIZED_PROTOCOL_216
  match access-group name CUSTOMIZED_NAT_216
  policy-map type inspect OUT-IN-INSPECT-POLICY
  class type inspect INCOMING_VPN_TRAFFIC_MAP
    inspect
  class type inspect PPTP_GRE_INSPECT_MAP
    pass
  class type inspect CUSTOMIZED_NAT_MAP_1
    inspect
  class type inspect CUSTOMIZED_NAT_MAP_2
    inspect
  class type inspect CUSTOMIZED_216_MAP
    inspect
  class class-default
    drop
  policy-map type inspect urlfilter cppolicymap-1
  description Default abc Policy Filter
  parameter type urlfpolicy trend cprepdenyregex0
  class type urlfilter cpaddbnwlocclasspermit2
    allow
  class type urlfilter cpaddbnwlocclassdeny3
    reset
    log
  class type urlfilter trend cptrendclasscatdeny1
    reset
    log
  class type urlfilter trend cptrendclassrepdeny1
    reset
    log
  policy-map type inspect IN-OUT-INSPECT-POLICY
  class type inspect cpinspectclass1
    inspect
    service-policy urlfilter cppolicymap-1
  class type inspect INSPECT_PROTOCOLS_MAP
    inspect
  class type inspect INVALID_SOURCE_MAP
    inspect
  class type inspect INSPECT_SIP_MAP
    inspect
  class type inspect ALLOW_PING_MAP
    inspect
  class type inspect INSPECT_SKINNY_MAP
    inspect
  class type inspect INSPECT_H225_MAP
    inspect
  class type inspect INSPECT_H323_MAP
    inspect
  class class-default
    drop
  zone security inside
  description INTERNAL_NETWORK
  zone security outside
  description PUBLIC_NETWORK
  zone-pair security INSIDE_2_OUTSIDE source inside destination outside
  service-policy type inspect IN-OUT-INSPECT-POLICY
  zone-pair security OUTSIDE_2_INSIDE source outside destination inside
  service-policy type inspect OUT-IN-INSPECT-POLICY
  crypto isakmp policy 10
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key password address 11.22.3.1
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec transform-set TunnelToCold esp-3des
  crypto map TunnelsToRemoteSites 10 ipsec-isakmp
  set peer 11.22.3.1
  set transform-set TunnelToCold
  match address TUNNEL_TRAFFIC2Cold
  interface Embedded-Service-Engine0/0
  no ip address
  shutdown
  interface GigabitEthernet0/0
  description OUTSIDE_INTERFACE
  ip address 1.1.1.186 255.255.255.248
  ip nat outside
  ip virtual-reassembly in
  zone-member security outside
  duplex full
  speed 1000
  crypto map TunnelsToRemoteSites
  crypto ipsec df-bit clear
  interface GigabitEthernet0/1
  description INSIDE_INTERFACE
  ip address 192.168.1.150 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  zone-member security inside
  duplex full
  speed 1000
  ip forward-protocol nd
  ip http server
  ip http access-class 10
  ip http authentication local
  ip http secure-server
  ip nat inside source static tcp 192.168.1.217 5080 interface GigabitEthernet0/0 5080
  ip nat inside source route-map NAT_MAP interface GigabitEthernet0/0 overload
  ip nat inside source static tcp 192.168.1.216 80 1.1.1.187 80 extendable
  ip nat inside source static tcp 192.168.1.216 443 1.1.1.187 443 extendable
  ip nat inside source static tcp 192.168.1.216 1494 1.1.1.187 1494 extendable
  ip nat inside source static tcp 192.168.1.216 2598 1.1.1.187 2598 extendable
  ip nat inside source static tcp 192.168.1.213 3389 1.1.1.187 3390 extendable
  ip nat inside source static tcp 192.168.1.216 5080 1.1.1.187 5080 extendable
  ip route 0.0.0.0 0.0.0.0 1.1.1.185
  ip access-list standard LINE_ACCESS_CONTROL
  permit 192.168.1.0 0.0.0.255
  ip access-list extended ALLOW_ESP_AH
  permit esp any any
  permit ahp any any
  ip access-list extended ALLOW_GRE
  permit gre any any
  ip access-list extended CUSTOMIZED_NAT_1
  permit ip any host 192.168.1.217
  permit ip any host 192.168.1.216
  ip access-list extended CUSTOMIZED_NAT_2
  permit ip any host 192.168.1.216
  permit ip any host 192.168.1.212
  permit ip any host 192.168.1.213
  ip access-list extended CUSTOMIZED_NAT_216
  permit ip any host 192.168.1.216
  ip access-list extended INVALID_SOURCE
  permit ip host 255.255.255.255 any
  permit ip 127.0.0.0 0.255.255.255 any
  ip access-list extended NAT_RULES
  deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
  deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
  permit ip 192.168.1.0 0.0.0.255 any
  ip access-list extended REMOTE_SITE_SUBNET
  permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.8.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255
  permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2ABM
  permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2Bridgewater
  permit ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2ColdbrookDispatch
  permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2ColdbrookETL
  permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2ColdbrookTrailershop
  permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2Moncton
  permit ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2MountPearl
  permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
  ip access-list extended TUNNEL_TRAFFIC2Ontoria
  permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
  ip access-list extended WEB_TRAFFIC
  permit tcp 192.168.1.0 0.0.0.255 any eq www
  access-list 10 permit 192.168.1.0 0.0.0.255
  route-map NAT_MAP permit 10
  match ip address NAT_RULES
  snmp-server community 1publicl RO
  control-plane
  line con 0
  logging synchronous
  login authentication NONE_LOGIN
  line aux 0
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
  stopbits 1
  line vty 0 4
  access-class LINE_ACCESS_CONTROL in
  exec-timeout 30 0
  logging synchronous
  transport input all
  scheduler allocate 20000 1000
  ntp server 0.ca.pool.ntp.org prefer
  ntp server 1.ca.pool.ntp.org
  end

  Hi,
  I know this is for a different platform but have a look at this link:
  https://supportforums.cisco.com/thread/2089462
  Read through it to get some idea of the similarity, but in particular note the last entry almost a year after the original post.
  I too am having trouble with http inspection, if I do layers 3 & 4 inspection there is no issue whatsoever, but as soon as I enable layer 7 inspection then I have intermittent browsing issues.
  The easy solution here is to leave it at layers 3 & 4, which doesn't give you the flixibility to do cool things like blocking websites, IM, regex expression matching etc...  but in my opinion I just don't think these routers can handle it.
  It appears to be a hit and miss affair, and going on the last post from the above link, you might be better off in having the unit replaced under warranty.
  The alternative is wasting a lot of time and effort and impacting your users to get something up and running that in the end is so flaky that you have no confidence in the solution and you are then in a situation where ALL future issues users are facing MIGHT be because of this layer 7 inspection bug/hardware issue etc?
  I would recommend you use the router as a frontline firewall with inbound/outbound acl's (no inspection), and then invest a few $ in getting an ASA dedicated firewall (but that's just me )

• Short of dismantling and recreating a page how do i find out whats causing [Error: Invalid URL for Web Content Overlay]

  Hi,
  i received an indesign file to include in a folio that had links to the creators desktop where they had the assets for the web content overlay. When i try to update the folio i get the error message:
  "Content generation error.
  [Error: Invalid URL for Web Content Overlay]"
  Which is fair enough.
  The problem is, i have gone through and changed all URLs that I can see, but there is one somewhere, that I just can't find.
  Is there a way to get a list of all web content overlays in a particular file? otherwise i will need to recreate the whole page again, and it has some pretty complex interactions which i rather wouldn't do.
  I also cannot ask the original doc creator to just change the links as i'm sure he'll have the same issues as me, at not being able to track down the erroneous link.
  The problem I have with DPS is that its not very transparent. you'll have to click on everything, and into every group to see what actions are on it, which can be extremely time consuming and frustrating when complex interactions are included.
  thanks in advance for any assistance

  I’ve found watching the process helpful to narrow down the page.
  Working off a duplicate of the file, delete one layer at a time until you figure out what layer the problem is on.
  From there it’s a bit easier to narrow down.

• Invalid Url for Web Content Overlay

  I am constantly getting this error when I try to upload a page with a web content overlay -- i even get thi smessage if i try to upload http://google.com.
  sg

  This link is likely being redirected, and redirects aren't allowed in Web Content overlays. For example, http://www.google.com will work, but http://google.com won't. Check the URL on a mobile device. A lot of sites get redirected to the mobile version:  http://twitter.com becomes http://mobile.twitter.com.

• Invalid URL for Web Content Overlay. Help?

  I am doing a french tranlation to an existing folio app that someone else created.
  There is one page in my folio that is comprised of garbage and a trash can. You touch the garbage and drag it into the trash, and things change, etc.
  I have an index.html file and a bunch of other images.
  I can't even successfully add the article to my folio, I get this warning: Content Generator Error. Invalid URL for Web Content Overlay.
  Can you walk me through how to get this to work?
  Attached is a screen shot of my file structure...

  When you specify the .html file, all the content in that folder is uploaded automatically. Here's an article about Web Content overlays:
  http://help.adobe.com/en_US/digitalpubsuite/using/WS9293e1fb3b977c5c73657495129f66e490f-7f fa.html
  And here's an article and video about HTML articles:
  http://help.adobe.com/en_US/digitalpubsuite/using/WS67cb9e293e2f1f60530cf39c12f5fcd6d46-80 00.html

• URLs to specific articles in Web Content Viewer

  I'm placing the Web Content Viewer on a custom site for free viewing of all articles in the folio. Is it possible to get a URL of individual articles that be links sent to people? So if there is an email blast, can  there be a URL that will lead a reader to a certain article in that online folio? Thanks.

  Is this the reason (under "Known issues with social sharing / web viewer)? Digital Publishing Suite Help | DPS Bug Fix Release Notes
  I'm not using V32 on this folio.

• How create URL for see my folio on the web content viewer ?

  Hello,
  I try to create URL for see my folio on the web content viewer but nothing Work
  i have this informations :
  my applicationName
  my accountID
  my publication Name
  and my articleName (even if for this i'm not sure)
  All my articles are free, my folio is published...
  For information my folio is in PDF format with the resolution 1024x768
  Have you one idea why it's doesn't work ?
  Thanks for yours answers

  Rather than cobbling together the individual parts of the URL, create a development app with social sharing enabled and at least one article set to free. When you share the article of the published folio, you'll see your web viewer URL.