Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
241
Views
0
Helpful
1
Replies

Allow few site and block all other web sites

mhdshbr25
Level 1
Level 1

‎09-12-2014 06:19 PM - edited ‎03-11-2019 09:45 PM

Hi i  need sample configuration using rogex  command   to   allow few web sites and block  to 192.168.2.0 networks and allow full  access to 192.168.10 .0 networks . i have configures two inside network

 

Labels:
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎09-13-2014 10:07 AM

You could try something like the following to allow traffic to specific websites and then deny all other web/https traffic.  Keep in mind that in the configuration I am assuming you have two seperate interfaces for the two network connected to the ASA (that could be two subinterfaces or two seperate physical interfaces.

access-list LAN1 permit tcp 192.168.2.0 255.255.255.0 any eq http
access-list LAN1 permit tcp 192.168.2.0 255.255.255.0 any eq https

regex domainlist1 "\.yahoo\.com"
regex domainlist2 "\.myspace\.com"
regex domainlist3 "\.youtube\.com"

class-map LAN
  match access-list LAN1

class-map type regex match-any DomainList
  match regex domainlist1
  match regex domainlist2
  match regex domainlist3

class-map type inspect http match-all DomainClass
  match request header host regex class DomainList

policy-map type inspect http http_inspect_policy
  class DomainClass
    inspect
  class class-default
    drop

policy-map inside1-policy
  class LAN1
    inspect http http_inspect_policy

service-policy inside1-policy interface inside1

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card