https://community.cisco.com/t5/network-security/problem-with-http-inspection/m-p/1878549#M492625 <HTML><HEAD></HEAD><BODY><P>That solution makes sense.</P><P>I'll try that in the next days and let you know if it fixe my problem or not.</P><P>Thanks for the reply.</P></BODY></HTML> Thu, 08 Dec 2011 20:02:32 GMT gloubier 2011-12-08T20:02:32Z https://community.cisco.com/t5/network-security/problem-with-http-inspection/m-p/1878547#M492623 <P><SPAN style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">Hi,</SPAN></P><P></P><P><SPAN style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">I would like to find a way to give access to one website ( let say cisco.com ), give access to whatever website that have the word "test" in the URL and block the access to all the other websites for only one server ( let say the_server ).</SPAN></P><P></P><P><SPAN style="font-family: arial,helvetica,sans-serif; font-size: 10pt;">Here the config I have now :</SPAN></P><P><SPAN style="font-family: arial,helvetica,sans-serif; font-size: 10pt;"> </SPAN></P><P>regex cisco.com "\.cisco\.com"</P><P>regex test "test"</P><P>regex all ".*"</P><P>!</P><P>access-list acl_test extended permit tcp object GLOUBIER any eq www </P><P>!</P><P>class-map inside-test</P><P>match access-list acl_test</P><P>!</P><P>class-map type inspect http match-all http_url_filtering_test</P><P>match request header host regex cisco.com</P><P>!</P><P>class-map type inspect http match-all http_url_filtering_test2</P><P>match request uri regex test</P><P>!</P><P>class-map type inspect http match-all http_url_filtering_test3</P><P>match request header host regex all</P><P>!</P><P>policy-map type inspect http http_url_inspection_test</P><P>parameters</P><P>class http_url_filtering_test</P><P>&nbsp; log</P><P>class http_url_filtering_test2</P><P>&nbsp; log</P><P>class http_url_filtering_test3</P><P>drop-connection</P><P>!</P><P>policy-map inside-policy</P><P>class inside-test</P><P>&nbsp; inspect http http_url_inspection_test</P><P>!</P><P></P><P>Those rules aren't working ( everything is blocked ), but if I'm try each class-map individualy, it's working fine.</P><P>Is there a way to make the 3 rules ( allow cisco.com, allow word test in URL, block the rest ) work together ?</P><P></P><P>Thanks for the answers and help.</P> Mon, 11 Mar 2019 21:54:12 GMT https://community.cisco.com/t5/network-security/problem-with-http-inspection/m-p/1878547#M492623 gloubier 2019-03-11T21:54:12Z https://community.cisco.com/t5/network-security/problem-with-http-inspection/m-p/1878548#M492624 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I would suggest flipping your logic around to drop everything that doesn't match your allowed requests like this: </P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>regex cisco.com "cisco\.com"</P><P>regex test "test"</P><P>!</P><P>access-list acl_test extended permit tcp object GLOUBIER any eq www </P><P>!</P><P>class-map inside-test</P><P>&nbsp;&nbsp; match access-list acl_test</P><P>!</P><P>class-map type inspect http match-all filter-class</P><P>&nbsp;&nbsp; match not request header host regex cisco.com</P><P>&nbsp;&nbsp; match not request uri regex test</P><P>!</P><P>policy-map type inspect http filter-policy</P><P>&nbsp;&nbsp; parameters</P><P>&nbsp;&nbsp; class filter-class</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; drop-connection</P><P>policy-map inside-policy</P><P>&nbsp;&nbsp; class inside-test</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; inspect http filter-policy</P></PRE><P>That makes the config a bit more manageable and should do what you are looking for.</P><P></P><P>-Mike</P></BODY></HTML> Wed, 30 Nov 2011 18:17:11 GMT https://community.cisco.com/t5/network-security/problem-with-http-inspection/m-p/1878548#M492624 mirober2 2011-11-30T18:17:11Z https://community.cisco.com/t5/network-security/problem-with-http-inspection/m-p/1878549#M492625 <HTML><HEAD></HEAD><BODY><P>That solution makes sense.</P><P>I'll try that in the next days and let you know if it fixe my problem or not.</P><P>Thanks for the reply.</P></BODY></HTML> Thu, 08 Dec 2011 20:02:32 GMT https://community.cisco.com/t5/network-security/problem-with-http-inspection/m-p/1878549#M492625 gloubier 2011-12-08T20:02:32Z