Restricting URL access at GGSN

I had a query. Is it possible to allow only selective URLs/ servers corresponding to a particular APN. i.e. the user should only be allowed to use these selected URLs only.

I do not know if any GGSN allows this - but you should be able to do it anyway. In principle each APN shall be bound with a specific IP address range - this is configurable. Usually these are private IP addresses, which are then NAT-ed. So if you are able to intercept http traffic from these addresses you could allow for certain APN access only to specific HTTP servers with standard HTTP fw/proxy.

Thanks for the reply. I am not sure but i think ACLs can be defined for a particular APN. Hence it can help in defining multiple APNs at GGSN with each APN restricting/ allowing a set a http servers. Do you think it will work.

Well if you can directly set up ACL per APN then you could go this direction and it should work.. There is perhaps one problem - unless end user enters URL of allowed http server they would see some sort of "connection problem" warning in their browser because their http trafiic would be dropped if destination IP addres does not match allowed http server address. Maybe you could avoid this by not using ACL per APN but introducing some sort of http traffic redirection - i.e. no matter what URL user enters in the browser when the traffic is originated from IP addresses belonging to given APN, some http proxy catch these requeusts and always sends back to browser redirection to allowed http server..

Thanks a lot for your suggestion. I really liked your suggestion of redirecting the traffic. Thanks again!!!!

Yes, it is possible to restrict a particular APN to access only list of URLs and reject for any other URLs. I have worked in NSN GGSN(FING) & Ericsson GGSN(with SACC teature), both of them have possibility of ur requirement.