https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075528#M394803 <HTML><HEAD></HEAD><BODY><P>thnx </P><P></P><P>http and https both are block ??</P></BODY></HTML> Mon, 03 Dec 2012 09:04:39 GMT Hardik Vaidh 2012-12-03T09:04:39Z https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075526#M394798 <H5>how to allow few url and block other in cisco asa 5510</H5> Tue, 12 Mar 2019 00:31:23 GMT https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075526#M394798 Hardik Vaidh 2019-03-12T00:31:23Z https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075527#M394800 <HTML><HEAD></HEAD><BODY><P>Hello Hardik,</P><P></P><P>In this example we will allow only cisco.com, and block everything else:</P><P></P><PRE>regex allowex2 "cisco\.com"<BR /><BR />class-map type inspect http match-all allow-url-class<BR /> match not request header host regex allowex2<BR /><BR />policy-map type inspect http allow-url-policy<BR /> parameters<BR /> class allow-url-class<BR />&nbsp; drop-connection log<BR />policy-map global_policy<BR /> class inspection_default<BR />&nbsp; inspect http allow-url-policy<BR /><BR />service-policy global_policy global</PRE><P></P><P>Hope it helps <SPAN __jive_emoticon_name="wink" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/wink.gif"></SPAN></P></BODY></HTML> Mon, 03 Dec 2012 09:01:42 GMT https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075527#M394800 Eugene Korneychuk 2012-12-03T09:01:42Z https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075528#M394803 <HTML><HEAD></HEAD><BODY><P>thnx </P><P></P><P>http and https both are block ??</P></BODY></HTML> Mon, 03 Dec 2012 09:04:39 GMT https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075528#M394803 Hardik Vaidh 2012-12-03T09:04:39Z https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075529#M394805 <HTML><HEAD></HEAD><BODY><P>Hello Hardick,</P><P></P><P>Only http.</P><P></P><P>HTTPS filtering is not supported on ASA. ASA cannot do deep packet&nbsp;&nbsp; inspection or inspection based on regular expression for HTTPS traffic,&nbsp; because&nbsp; in HTTPS, content of packet is encrypted (SSL).</P><P></P><P>You&nbsp; can also use URL filtering to direct specific traffic to an external&nbsp;&nbsp; filtering server, such an Secure Computing SmartFilter (formerly N2H2)&nbsp; or&nbsp; Websense filtering server. Long URL, HTTPS, and FTP filtering can&nbsp; now be enabled&nbsp; using both Websense and Secure Computing SmartFilter for&nbsp; URL filtering.&nbsp; Filtering servers can block traffic to specific sites&nbsp; or types of sites, as&nbsp; specified by the security policy.</P><P></P><P>For more information on URL filters, refer the following URLs:</P><P><A href="http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/filter.html#wp1042606" rel="nofollow">http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/filter.html#wp1042606</A></P><P><A href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml" rel="nofollow">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml</A></P><P><A href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml" rel="nofollow">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml</A></P><P></P><P>Please, rate helpful posts <SPAN __jive_emoticon_name="wink" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/wink.gif"></SPAN></P></BODY></HTML> Mon, 03 Dec 2012 09:13:52 GMT https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075529#M394805 Eugene Korneychuk 2012-12-03T09:13:52Z https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075530#M394806 <HTML><HEAD></HEAD><BODY><P>thnx a lot dear...</P><P></P><P>I have more then two remote site.. and i want to block and allow url each center but every center have different requirement ... so it is possible in one cisco 5510 ASA for multiple location.. ?</P></BODY></HTML> Mon, 03 Dec 2012 09:22:42 GMT https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075530#M394806 Hardik Vaidh 2012-12-03T09:22:42Z https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075531#M394809 <HTML><HEAD></HEAD><BODY><P>You can configure different regex, for different requirement.</P></BODY></HTML> Mon, 03 Dec 2012 09:26:36 GMT https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075531#M394809 Eugene Korneychuk 2012-12-03T09:26:36Z https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075532#M394810 <HTML><HEAD></HEAD><BODY><P>ok thnx will check.. thnx a lot</P></BODY></HTML> Mon, 03 Dec 2012 09:31:33 GMT https://community.cisco.com/t5/network-security/how-to-allow-few-url-and-block-other-in-cisco-asa-5510/m-p/2075532#M394810 Hardik Vaidh 2012-12-03T09:31:33Z