https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490557#M660207 <HTML><HEAD></HEAD><BODY><P><SPAN style="background-color: #ffffff; ">Thanks for the idea.</SPAN><SPAN __jive_emoticon_name="wink" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/wink.gif"></SPAN><SPAN style="background-color: #ffffff; "> Nevertheless, how I can use ip for filtering http<BR /></SPAN></P></BODY></HTML> Wed, 04 Aug 2010 12:43:18 GMT grigansky 2010-08-04T12:43:18Z https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490555#M660192 <P>Hello, have a problem with rule for ASA 5505. I need block all tarffic except maps.google.com:</P><PRE><BR /><STRONG>regex googleMAP "maps\.google\.com"<BR /><BR />class-map type inspect http match-all BlockDomainsClass<BR /> match not request header host regex class DomainBlockList<BR /><BR />policy-map type inspect http http_incspect_policy<BR /> parameters<BR />&nbsp; protocol-violation action drop-connection<BR /> match request method connect<BR />&nbsp; drop-connection log<BR /> class BlockDomainsClass<BR />&nbsp; reset log</STRONG><BR /><BR />This rule works, but not all maps are opened and maps <SPAN style="color: #000000; background-color: #ffffff; ">are partially</SPAN><SPAN __jive_emoticon_name="sad" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/sad.gif"></SPAN>.<BR /><BR />How I can use all ip maps.google.com:<BR /><BR /><EM>74.125.87.103<BR />74.125.87.105<BR />74.125.87.99<BR />74.125.87.104<BR />74.125.87.106<BR />74.125.87.147</EM><BR /><BR />in rule?<BR /><BR /></PRE> Mon, 11 Mar 2019 18:20:59 GMT https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490555#M660192 grigansky 2019-03-11T18:20:59Z https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490556#M660197 <HTML><HEAD></HEAD><BODY><P>Dmitry,</P><P>&nbsp;&nbsp;&nbsp;&nbsp; More likely than not, google maps uses a lot of different domains then just maps.google.com for context and files to load the maps. I highly suggest you install the "Tamper Data" extension in Firefox as it will list all the requests your browser makes. That way you can see what domains and sub-domains are involved in loading google maps. You can get Tamper Data here:</P><P></P><P><A class="jive-link-external-small" href="https://addons.mozilla.org/en-US/firefox/addon/966/">https://addons.mozilla.org/en-US/firefox/addon/966/</A></P><P></P><P>Once installed, load it from Firefox's tools menu. Once it is open, browse and use google maps. Youw ill see all the requests made and the URLs. That way you can adjust and tune your policy accordingly.</P><P></P><P>When I tested just now I saw:</P><P></P><P>maps.google.com</P><P>maps.gstatic.com</P><P>mt0.google.com</P><P>mt1.google.com</P><P></P><P>Go ahead and try it your self and see what you find!</P><P></P><P>- Magnus</P></BODY></HTML> Wed, 04 Aug 2010 12:17:18 GMT https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490556#M660197 Magnus Mortensen 2010-08-04T12:17:18Z https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490557#M660207 <HTML><HEAD></HEAD><BODY><P><SPAN style="background-color: #ffffff; ">Thanks for the idea.</SPAN><SPAN __jive_emoticon_name="wink" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/images/emoticons/wink.gif"></SPAN><SPAN style="background-color: #ffffff; "> Nevertheless, how I can use ip for filtering http<BR /></SPAN></P></BODY></HTML> Wed, 04 Aug 2010 12:43:18 GMT https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490557#M660207 grigansky 2010-08-04T12:43:18Z https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490558#M660217 <HTML><HEAD></HEAD><BODY><P>Dmitry,</P><P>&nbsp;&nbsp;&nbsp;&nbsp; I would not use IP addresses for HTTP filtering since IP address will, and do, change often. basing it on the hostname (via regex) is much more resilient to changing IP addresses.</P><P></P><P>- Magnus</P></BODY></HTML> Wed, 04 Aug 2010 13:59:53 GMT https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490558#M660217 Magnus Mortensen 2010-08-04T13:59:53Z https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490559#M660238 <HTML><HEAD></HEAD><BODY><P>Thank you</P></BODY></HTML> Wed, 04 Aug 2010 14:40:43 GMT https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/1490559#M660238 grigansky 2010-08-04T14:40:43Z https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/3331130#M660269 <P>Extension no longer valid.</P> <DIV class="Notice Notice-error AddonCompatibilityError"> <DIV class="Notice-icon">&nbsp;</DIV> <DIV class="Notice-column"> <DIV> <P class="Notice-text"><SPAN>This add-on is not compatible with your version of Firefox.</SPAN></P> </DIV> </DIV> </DIV> <HEADER class="Addon-header"> <DIV class="Addon-icon"><IMG class="Addon-icon-image" src="https://addons.cdn.mozilla.net/static/img/addon-icons/default-64.png" alt="" border="0" /></DIV> <H1 class="Addon-title">Tamper Data <SPAN class="Addon-author">by <A href="https://addons.mozilla.org/en-US/firefox/user/adam-judson/" target="_blank">Adam Judson</A></SPAN></H1> <DIV class="AddonBadges"> <DIV class="Badge Badge-restart-required">Restart Required<SPAN class="Icon Icon-restart"><SPAN class="visually-hidden">Restart Required</SPAN></SPAN></DIV> <DIV class="Badge Badge-not-compatible">Not compatible with Firefox Quantum<SPAN class="Icon Icon-not-compatible"><SPAN class="visually-hidden">Not compatible with Firefox Quantum</SPAN></SPAN></DIV> </DIV> <DIV class="Addon-summary-and-install-button-wrapper"> <P class="Addon-summary">Use tamperdata to view and modify HTTP/HTTPS headers and post parameters...</P> <DIV class="InstallButton InstallButton--use-button"> <DIV data-browsertheme="{&quot;description&quot;:&quot;Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.\n\nTrace and time http response/requests.\n\nSecurity test web applications by modifying POST parameters.\n\nFYI current version of Google Web Accelerator is incompatible with the tampering function of TamperData. Your browser will crash.\n\nA few people have asked about donations. If you are so inclined, consider donating to the &lt;a rel=\&quot;nofollow\&quot; href=\&quot;https://outgoing.prod.mozaws.net/v1/7f8774632e1542ba2083723d2599fcd06e67cbf0a5c811d1469576e45cfc0e7e/http%3A//www.canadahelps.org/CharityProfilePage.aspx%3FCharityID=s17174\&quot;&gt;Toronto Daily Bread Foodbank&lt;/a&gt;. Thanks.&quot;,&quot;id&quot;:966,&quot;name&quot;:&quot;Tamper Data&quot;}">&nbsp;</DIV> <A class="Button Button--action InstallButton-button Button--action InstallButton-button--disabled disabled Button--disabled Button--puffy" href="https://addons.mozilla.org/firefox/downloads/file/79565/tamper_data-11.0.1-fx.xpi?src=dp-btn-primary" target="_blank">Add to Fir</A></DIV> </DIV> </HEADER> Wed, 14 Feb 2018 17:13:07 GMT https://community.cisco.com/t5/network-security/allow-only-maps-google-com/m-p/3331130#M660269 Ravenswing 2018-02-14T17:13:07Z