meet_mkhan
Beginner

Blocking Web Sites on Cisco ASA5510

Hi Experts,

Can anyone help in blocking a web site, for example Facebook, on a Cisco ASA5510?

I used the below configuration on the Cisco ASA5510, but it did not block any web site.

"

regex blockex1 "facebook\.com"

regex blockex2 "youtube\.com"

class-map type inspect http match-any block-url-class

match request header host regex blockex1

match request header host regex blockex2

policy-map type inspect http block-url-policy

parameters

class block-url-class

  drop-connection log

class inspection_default

policy-map global_policy

class inspection_default

  inspect http block-url-policy

service-policy global_policy global

3 REPLIES
Karsten Iwen
VIP Mentor

It won't work if the client is using HTTPS. Better use FQDN-based filtering with sites that don't use shared hosting:

object network FACEBOOK

  fqdn www.facebook.com

access-list INSIDE-ACCESS-IN extended deny ip any4 object FACEBOOK

dns domain-lookup inside

DNS server-group DefaultDNS

  name-server 10.10.10.10 ! your DNS-server

  domain-name company.intern

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
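
The FQDN-based approach from the reply above, written out end to end as an added example that is not part of the original posts. It assumes the clients sit behind the interface named inside, that all other outbound traffic is to be permitted, and an ASA release of 8.4(2) or later, which the thread names as the version that introduced the fqdn parameter.

```cisco
! --- Global configuration mode ---
! The ASA resolves the name itself and matches traffic on the resulting IPs,
! so it needs a working DNS lookup on the interface that reaches the server.
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.10.10.10
 domain-name company.intern
!
! Requires 8.4(2) or later; on older images "fqdn" is not offered here.
object network FACEBOOK
 fqdn www.facebook.com
!
! "any" is used instead of the reply's "any4" so the line is also accepted
! on 8.4 releases.
access-list INSIDE-ACCESS-IN extended deny ip any object FACEBOOK
! Assumption: everything else is allowed. Without a permit line the
! implicit deny at the end of the ACL would block all other traffic.
access-list INSIDE-ACCESS-IN extended permit ip any any
!
! The ACL has no effect until it is bound to an interface.
access-group INSIDE-ACCESS-IN in interface inside
!
! --- Privileged EXEC mode: verification ---
! Software version, to confirm fqdn support.
show version
! Addresses the ASA has resolved for its FQDN objects.
show dns
! ACL entries and hit counters for the deny line.
show access-list INSIDE-ACCESS-IN
```

The object covers only the exact name www.facebook.com, so other host names of the same site need their own objects. Because matching is done on resolved IP addresses, clients should use the same DNS server as the ASA, and a site on shared hosting would take its neighbours down with it.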

Hi,

Thanks for the reply. I didn't find the command

"fqdn www.facebook.com" in object network FACEBOOK.

Can you please write the complete config in detail?

Probably your ASA version is too old; the fqdn parameter was introduced in 8.4(2).

http://www.cisco.com/en/US/docs/security/asa/command-reference/f2.html#wp2058089
