https://community.cisco.com/t5/network-security/how-to-block-website-cisco-asa-using-mpf/m-p/3716408#M12001 <P>So you looking only specific IP to block this URL is this correct,&nbsp;</P> <P>&nbsp;</P> <P>If so please refer below document, should be help for you to resolve.</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100513-ASARegexp.html#req" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100513-ASARegexp.html#req</A></P> <P>&nbsp;</P> Mon, 01 Oct 2018 13:49:29 GMT balaji.bandi 2018-10-01T13:49:29Z https://community.cisco.com/t5/network-security/how-to-block-website-cisco-asa-using-mpf/m-p/3716263#M12000 <P>Hi everyone,</P> <P>&nbsp;</P> <P>our firewall is currently on code 8.2. i want to know how to block a specific website using MPF and dropping dns query.&nbsp;</P> <P>&nbsp;</P> <P>i am able to block it for whole inside network but not for a specific ip address or group of ips.&nbsp;</P> <P>&nbsp;</P> <P>here is the code i am using.&nbsp;</P> <P>&nbsp;</P> <P>name 192.168.66.25 dummy-user<BR />access-list dummy-user-rl extended permit ip any host dummy-user <BR />access-list dummy-user-rl extended permit ip host dummy-user any<BR />global (outisde) 17 201.xxx.yyy.zzz<BR />nat (inside) 17 dummy-user 255.255.255.255<BR />!<BR />regex domain_netflix.com "\.netflix\.com"<BR />!<BR />class-map dummy-user-rl<BR /> match access-list dummy-user-rl<BR />!<BR />class-map type inspect dns match-all cm-dbl<BR /> description Blocked Domains<BR /> match domain-name regex domain_netflix.com<BR />!<BR />policy-map type inspect dns dns-inspect-pm<BR /> parameters<BR /> message-length maximum 512<BR /> match domain-name regex domain_netflix.com<BR /> class cm-dbl<BR /> drop log<BR />!<BR />policy-map global_policy <BR /> class dummy-user-rl<BR /> police input 4000000 12375<BR /> police output 4000000 12375<BR /> inspect dns dns-inspect-pm<BR />!<BR />service-policy global_policy global</P> Fri, 21 Feb 2020 16:18:11 GMT https://community.cisco.com/t5/network-security/how-to-block-website-cisco-asa-using-mpf/m-p/3716263#M12000 Jameel Ahmed 2020-02-21T16:18:11Z https://community.cisco.com/t5/network-security/how-to-block-website-cisco-asa-using-mpf/m-p/3716408#M12001 <P>So you looking only specific IP to block this URL is this correct,&nbsp;</P> <P>&nbsp;</P> <P>If so please refer below document, should be help for you to resolve.</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100513-ASARegexp.html#req" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100513-ASARegexp.html#req</A></P> <P>&nbsp;</P> Mon, 01 Oct 2018 13:49:29 GMT https://community.cisco.com/t5/network-security/how-to-block-website-cisco-asa-using-mpf/m-p/3716408#M12001 balaji.bandi 2018-10-01T13:49:29Z https://community.cisco.com/t5/network-security/how-to-block-website-cisco-asa-using-mpf/m-p/3717321#M12002 <P>The link you shared is about OS version &gt;=8.3. i am using version 8.2.&nbsp;</P> Tue, 02 Oct 2018 12:24:47 GMT https://community.cisco.com/t5/network-security/how-to-block-website-cisco-asa-using-mpf/m-p/3717321#M12002 Jameel Ahmed 2018-10-02T12:24:47Z https://community.cisco.com/t5/network-security/how-to-block-website-cisco-asa-using-mpf/m-p/3717521#M12003 <P>Try the following:</P> <P>&nbsp;</P> <P>regex block-netflix.com "netflix\.com"</P> <P>&nbsp;</P> <P>class-map type regex match-any DOMAIN-BLOCK</P> <P>&nbsp;match regex block-netflix.com</P> <P>&nbsp;</P> <P>policy-map type inspect dns&nbsp;<SPAN>dns-inspect-pm</SPAN></P> <P>&nbsp;match domain-name regex class&nbsp;<SPAN>DOMAIN-BLOCK</SPAN></P> <P>&nbsp; &nbsp;drop-connection log</P> <P>&nbsp;</P> <P><SPAN>policy-map global_policy&nbsp;</SPAN><BR /><SPAN>class dummy-user-rl</SPAN><BR /><SPAN>police input 4000000 12375</SPAN><BR /><SPAN>police output 4000000 12375</SPAN><BR /><SPAN>inspect dns dns-inspect-pm</SPAN><BR /><BR /><SPAN>service-policy global_policy global</SPAN></P> <P>&nbsp;</P> Tue, 02 Oct 2018 15:14:01 GMT https://community.cisco.com/t5/network-security/how-to-block-website-cisco-asa-using-mpf/m-p/3717521#M12003 Marius Gunnerud 2018-10-02T15:14:01Z