topic URLs filtering problemes ASA 5510 in Network Security

URLs filtering problemes ASA 5510

iliass joudat — Tue, 12 Mar 2019 00:12:12 GMT

hi everybody

i use ASA 5510 and i want to block some urls :

192.168.2.70 to 79 allow every thing

192.168.2.80 to 89 : block facebook , myspace, twiter,

192.168.2.90 to 99 : block facebook , myspace, twiter, youtube , dailymotion

192.168.2.100 to 199 deny everting

URLs filtering problemes ASA 5510

Jennifer Halim — Mon, 22 Oct 2012 00:20:44 GMT

Duplicate post.

Here is the same answer from the other post:

Here is a sample configuration that you can follow to block URLs using regular expressions:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

Hope that helps.

URLs filtering problemes ASA 5510

iliass joudat — Mon, 22 Oct 2012 00:43:28 GMT

Hi Jennifer

thank you for your reply, however, I have already seen this aricle and I have followed the steps, but I want to block all IP address of my networks, can you give me more specific

thank you

URLs filtering problemes ASA 5510

Jennifer Halim — Mon, 22 Oct 2012 01:32:32 GMT

Here we go:

regex domainFacebook "\.facebook\.com"

regex domainMyspace "\.myspace\.com"

regex domainTwitter "\.twitter\.com"

regex domainYoutube "\.youtube\.com"

regex domainDailymotion "\.dailymotion\.com"

class-map type regex match-any block-for-80-to-89

match regex domainFacebook

match regex domainMyspace

match regex domainTwitter

class-map type regex match-any block-for-90-to-99

match regex domainFacebook

match regex domainMyspace

match regex domainTwitter

match regex domainYoutube

match regex domainDailymotion

class-map type inspect http match-all block-80-89-class

match request header host regex class block-for-80-to-89

class-map type inspect http match-all block-90-99-class

match request header host regex class block-for-90-to-99

access-list match-80-89-acl permit tcp 192.168.2.80 255.255.255.248 any eq 80

access-list match-80-89-acl permit tcp 192.168.2.88 255.255.255.254 any eq 80

access-list match-90-99-acl permit tcp 192.168.2.90 255.255.255.254 any eq 80

access-list match-90-99-acl permit tcp 192.168.2.92 255.255.255.252 any eq 80

access-list match-90-99-acl permit tcp 192.168.2.96 255.255.255.252 any eq 80

class-map httptraffic80-89

match access-list match-80-89-acl

class-map httptraffic90-99

match access-list match-90-99-acl

policy-map type inspect http http_inspection_policy_80-89

class block-80-89-class

reset log

policy-map type inspect http http_inspection_policy_90-99

class block-90-99-class

reset log

policy-map inside-policy

class httptraffic80-89

inspect http http_inspection_policy_80-89

class httptraffic90-99

inspect http http_inspection_policy_90-99

service-policy inside-policy interface inside

Please kindly be advised that this is only for HTTP (not for HTTPS, as HTTPS is encrypted so it won't see the URL, therefore it can't be blocked).

On the inside ACL that is applied to the inside interface, you would also need to add the following:

access-list permit tcp 192.168.2.70 255.255.255.254 any eq 80

access-list permit tcp 192.168.2.72 255.255.255.248 any eq 80

access-list permit tcp 192.168.2.80 255.255.255.240 any eq 80

access-list permit tcp 192.168.2.96 255.255.255.252 any eq 80

access-list deny tcp 192.168.2.100 255.255.255.252 any eq 80

access-list deny tcp 192.168.2.104 255.255.255.248 any eq 80

access-list deny tcp 192.168.2.112 255.255.255.240 any eq 80

access-list deny tcp 192.168.2.128 255.255.255.192 any eq 80

access-list deny tcp 192.168.2.192 255.255.255.248 any eq 80

access-list permit ip any any

URLs filtering problemes ASA 5510

iliass joudat — Mon, 22 Oct 2012 01:38:05 GMT

am not front of my asa right now , am gona to use your config tomorrow and am go back to you

thinks a lot for your help

URLs filtering problemes ASA 5510

Jennifer Halim — Mon, 22 Oct 2012 01:39:42 GMT

No problem, let us know how it goes tomorrow.

URLs filtering problemes ASA 5510

iliass joudat — Fri, 26 Oct 2012 13:35:34 GMT

hi jennifer ;

thinks a lot for your support

URLs filtering problemes ASA 5510

Jennifer Halim — Fri, 26 Oct 2012 13:41:41 GMT

No problem...