Re: asa 5505 - blocking url without websense or N2H2

gprever71 · ‎04-25-2007

Hi !

I just have a couple of url to block, so I don't really want to implement a server like websense or N2H2 to manage the web content I want to block. Is there a way in the ASA-5505 to deny access to certain web pages with the url of the page ?

sachinraja · ‎04-26-2007

hello gprever,

I really dont think this is possible.. one way is to use ACLs to block IPs of the particular URL's .. or to use an external proxy server, which can do this.. most of the proxy servers now do basic URL filtering..

Hope this helps.. all the best..

Raj

gprever71 · ‎04-27-2007

I was thinking about a string value as a regular expression and then reject it in an inspect class map; but I haven't fiddled around with it yet, so I don't quiet understand how it works really. Any body who would think it is achievable that way ?

oabduo983 · ‎04-27-2007

It is acheivable through Regex... I'm still looking for a solution... I was working on it last night, but could not get it to work... i would appreciate if somebody can post some lines on this...

The following is my work trying to block access to Fortinet.com... please advise if you know how to fix this issue:

PIX Version 7.2(2)

regex test1 "fortinet.com"

regex test2 "www.fortinet.com"

regex test3 "http://www.fortinet.com"

route outside 0.0.0.0 0.0.0.0 10.1.201.254 1

class-map type regex match-any httpkill

match regex test1

match regex test2

match regex test3

class-map inspection_default

match default-inspection-traffic

class-map type inspect http match-all httpkill1

match request uri regex class httpkill

policy-map type inspect http httpkill1

parameters

class httpkill1

drop-connection log

policy-map global_policy

class inspection_default

inspect http httpkill1

service-policy global_policy global