https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/1992826#M439553 <HTML><HEAD></HEAD><BODY><P>The ASA can not inspect HTTPS. You could deny name-resolution for facebook.com or use a proxy-server that can inspect HTTPS-traffic.</P></BODY></HTML> Thu, 12 Jul 2012 13:36:48 GMT Karsten Iwen 2012-07-12T13:36:48Z https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/1992824#M439551 <P>I have&nbsp; cisco ASA5510 firewall&nbsp; using in my network but&nbsp; unable to bolck Url's&nbsp; unwanted.</P><P><SPAN>can i block the </SPAN><A class="jive-link-external-small" href="https://facebook.com" target="_blank">https://facebook.com</A><SPAN>&nbsp; on the asa by using regular exp.</SPAN></P><P></P><P>Thanks,</P><P>Saroj</P> Mon, 11 Mar 2019 23:30:14 GMT https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/1992824#M439551 saroj pradhan 2019-03-11T23:30:14Z https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/1992825#M439552 <HTML><HEAD></HEAD><BODY><P>Sure can.</P><P></P><P>here is the sample config for your reference:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml</A></P></BODY></HTML> Thu, 12 Jul 2012 13:02:22 GMT https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/1992825#M439552 Jennifer Halim 2012-07-12T13:02:22Z https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/1992826#M439553 <HTML><HEAD></HEAD><BODY><P>The ASA can not inspect HTTPS. You could deny name-resolution for facebook.com or use a proxy-server that can inspect HTTPS-traffic.</P></BODY></HTML> Thu, 12 Jul 2012 13:36:48 GMT https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/1992826#M439553 Karsten Iwen 2012-07-12T13:36:48Z https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/1992827#M439554 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You can not block https as the "get-request' for the facebook.com will be encypted. However you can use ASA to block facebook based on your DNS request in case you dns request is passing through the ASA. ASA can inspect that DNS packet and based on regex you can deny that dns request.</P><P></P><P>In this way user will never be able to connect to facebook.com (3-way handshake).</P><P></P><P>but if you are using an internal DNS server, ASA won't be receiving the request if it is in same LAN segment.</P><P></P><P>Regards,</P><P></P><P>Dinkar</P></BODY></HTML> Thu, 12 Jul 2012 22:03:04 GMT https://community.cisco.com/t5/network-security/cisco-asa5510/m-p/1992827#M439554 Dinkar Sharma 2012-07-12T22:03:04Z