How to block porn site with PIX or ASA

nilesh_sawant — Fri, 21 Feb 2020 12:00:28 GMT

Hi,

We like to block the porn site + few url in our IT Infrastructure. How can we achieve this with PIX 515 or Cisco ASA?

If it's achievable by Cisco ASA then which edition ASA can be use ?

Regards,

Nilesh

Re: How to block porn site with PIX or ASA

Kevin Redmon — Tue, 29 Jun 2010 22:40:08 GMT

Nilesh,

There are a couple of options that you can consider here. If you have an ASA5510 or greater, you can consider purchasing a CSC module. The CSC module will allow you to select various categories and dynamically filter sensitive sites - including pornography, hacking, and other malicious categories. With the release of CSC 6.3+, you can also integrate the filtering and URL-blocking functionality of this product with Active Directory. Depending on the user, you can filter what user has access to what websites or categories of websites. Please contact your Cisco Account Team or reseller if this is something that you would be interested in.

If you just want to filter certain websites manually, you can enable 'inspect http'. Once you have enabled 'inspect http', you can reset particular connections based on the Layer 4-7 content of the packet. For instance, consider the following config:

regex badsite "www.badsite.com"

policy-map type inspect http_policy

match request header host regex badsite

policy-map global_policy
class inspection_default

inspect http http_policy

If there are a number of sites that you are concerned with, you can also match off of a class-map of regular expressions. Unfortunately with this approach, the detail in your regex will determine how successful your filter will be.

ASDM has a wonderful Regex testing feature that will assist in developing the appropriate regex for your filter.

Hope this helps,

Kevin

topic How to block porn site with PIX or ASA in Network Security

How to block porn site with PIX or ASA

Re: How to block porn site with PIX or ASA