https://community.cisco.com/t5/network-security/asa-inspecting-http-traffic-to-url/m-p/718388#M1002351 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Try replacing the following command,</P><P></P><P>regex regex_lycos "www.lycos.com"</P><P></P><P>with</P><P></P><P>regex regex_lycos "w{3}\.lycos\.com"</P><P></P><P>Rate it if it helps.</P><P>Regards,</P><P>Sridhar.</P></BODY></HTML> Wed, 22 Aug 2007 15:06:53 GMT sridharvaidyanathan 2007-08-22T15:06:53Z https://community.cisco.com/t5/network-security/asa-inspecting-http-traffic-to-url/m-p/718386#M1002346 <P>I'm trying to block access to lycos.com and doing it this way but it's not working</P><P></P><P>regex regex_lycos "<A href="http://www.lycos.com" target="_blank">www.lycos.com</A>"</P><P>class-map cmap_test</P><P></P><P>class-map type regex match-any cmap_regex1</P><P> match regex regex_lycos</P><P></P><P>class-map type inspect http match-all http_traffic</P><P> match request uri regex class cmap_regex1</P><P></P><P>!</P><P>policy-map type inspect http pmap_http</P><P> parameters</P><P> class http_traffic</P><P> reset log</P><P></P><P>policy-map pmap3</P><P> class cmap_test</P><P> inspect http pmap_http </P><P>!</P><P></P><P>service-policy pmap3 interface inside</P><P>service-policy pmap3 interface outside</P><P></P><P></P><P></P><P>Here is the output of my 'show service-policy' commands after going to lycos.com. The connection was allowed and nothing was blocked</P><P></P><P></P><P>H(config)# sh service-policy int inside</P><P></P><P>Interface inside:</P><P> Service-policy: pmap3</P><P> Class-map: cmap_test</P><P> Inspect: http pmap_http, packet 0, drop 0, reset-drop 0</P><P></P><P></P><P>H(config)# sh service-policy int ou </P><P>Interface outside:</P><P> Service-policy: pmap3</P><P> Class-map: cmap_test</P><P> Inspect: http pmap_http, packet 0, drop 0, reset-drop 0</P><P></P> Mon, 11 Mar 2019 10:38:40 GMT https://community.cisco.com/t5/network-security/asa-inspecting-http-traffic-to-url/m-p/718386#M1002346 ciscors 2019-03-11T10:38:40Z https://community.cisco.com/t5/network-security/asa-inspecting-http-traffic-to-url/m-p/718387#M1002349 <HTML><HEAD></HEAD><BODY><P>The enhanced HTTP inspection feature, which is also known as an application firewall and is available when you configure an HTTP map can help prevent attackers from using HTTP messages for circumventing network security policy.</P><P></P><P>Refer this link:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/inspect.html#wp1431359" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/inspect.html#wp1431359</A></P></BODY></HTML> Fri, 06 Jul 2007 19:38:42 GMT https://community.cisco.com/t5/network-security/asa-inspecting-http-traffic-to-url/m-p/718387#M1002349 a-vazquez 2007-07-06T19:38:42Z https://community.cisco.com/t5/network-security/asa-inspecting-http-traffic-to-url/m-p/718388#M1002351 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Try replacing the following command,</P><P></P><P>regex regex_lycos "www.lycos.com"</P><P></P><P>with</P><P></P><P>regex regex_lycos "w{3}\.lycos\.com"</P><P></P><P>Rate it if it helps.</P><P>Regards,</P><P>Sridhar.</P></BODY></HTML> Wed, 22 Aug 2007 15:06:53 GMT https://community.cisco.com/t5/network-security/asa-inspecting-http-traffic-to-url/m-p/718388#M1002351 sridharvaidyanathan 2007-08-22T15:06:53Z