https://community.cisco.com/t5/network-security/asa-8-4-4-filter-url-using-hostname/m-p/2005686#M401112 <HTML><HEAD></HEAD><BODY><P> Thank y ou Jouni and Karsten. I'm aware of the use in access-lists but was hoping there was some way to apply the fqdn feature to the filter url command. </P></BODY></HTML> Wed, 08 Aug 2012 12:35:44 GMT vpersaud001 2012-08-08T12:35:44Z https://community.cisco.com/t5/network-security/asa-8-4-4-filter-url-using-hostname/m-p/2005683#M401109 <P>Hello ... is there any way to apply hostname or object network in the syntax? </P><P>The command gives the option to use hostname or A.B.C.D but doesn't accept the hostname</P><P>PIX1(config)# filter url except 0.0.0.0 0.0.0.0 ?</P><P>configure mode commands/options:<BR />&nbsp; Hostname or A.B.C.D&nbsp; The address of foreign/external host which is<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; destination for connections requiring filtering</P><P>Can an FQDN be used as a foreign/external host? </P><P>Thanks. </P> Mon, 11 Mar 2019 23:39:30 GMT https://community.cisco.com/t5/network-security/asa-8-4-4-filter-url-using-hostname/m-p/2005683#M401109 vpersaud001 2019-03-11T23:39:30Z https://community.cisco.com/t5/network-security/asa-8-4-4-filter-url-using-hostname/m-p/2005684#M401110 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I'm not sure if I have every used the command you are using in your example. Is it related to using an external server for the filtering?</P><P></P><P>There is though an option to use FQDN on the access-list if you are running atleast 8.4(2) on the ASA</P><P></P><P>For example a Facebook block could be configured like this</P><P></P><P></P><P>dns domain-lookup outside</P><P>DNS server-group DefaultDNS</P><P>&nbsp;&nbsp;&nbsp; name-server x.x.x.x</P><P>&nbsp;&nbsp;&nbsp; name-server y.y.y.y</P><P></P><P>object network FACEBOOK-FQDN</P><P> fqdn www.facebook.com</P><P></P><P>access-list INSIDE-IN remark Block Facebook</P><P>access-list INSIDE-IN extended deny ip any object FACEBOOK-FQDN</P><P></P><P></P><P>Then again the above configuration would not completely block Facebook for example since the destination address keeps changing. (Would have to resort to dropping the HTTP connections, dropping the DNS replys, dropping the traffic on the basis of the destination IP address etc.</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 08 Aug 2012 06:56:52 GMT https://community.cisco.com/t5/network-security/asa-8-4-4-filter-url-using-hostname/m-p/2005684#M401110 Jouni Forss 2012-08-08T06:56:52Z https://community.cisco.com/t5/network-security/asa-8-4-4-filter-url-using-hostname/m-p/2005685#M401111 <HTML><HEAD></HEAD><BODY><P>This feature is very good explained in a supportforum-doc:</P><P><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-17014">https://supportforums.cisco.com/docs/DOC-17014</A></P><P></P><P></P><P>--&nbsp; <BR />Don't stop after you've improved your network! Improve the world by lending money to the working poor: <BR /><A class="jive-link-external-small" href="http://www.kiva.org/invitedby/karsteni">http://www.kiva.org/invitedby/karsteni</A></P></BODY></HTML> Wed, 08 Aug 2012 07:25:18 GMT https://community.cisco.com/t5/network-security/asa-8-4-4-filter-url-using-hostname/m-p/2005685#M401111 Karsten Iwen 2012-08-08T07:25:18Z https://community.cisco.com/t5/network-security/asa-8-4-4-filter-url-using-hostname/m-p/2005686#M401112 <HTML><HEAD></HEAD><BODY><P> Thank y ou Jouni and Karsten. I'm aware of the use in access-lists but was hoping there was some way to apply the fqdn feature to the filter url command. </P></BODY></HTML> Wed, 08 Aug 2012 12:35:44 GMT https://community.cisco.com/t5/network-security/asa-8-4-4-filter-url-using-hostname/m-p/2005686#M401112 vpersaud001 2012-08-08T12:35:44Z