03-08-2011 07:19 AM - edited 03-11-2019 01:02 PM
Hi all, and sorry for my bad English...
I have a problem configuring URL filtering on ASA 5505 rel 8.3.1: I have to block web navigation to Facebook and, with my configuration, it works fine.
The problem is that when I try to access other sites that contain links to Facebook, I cannot see that site at all, not only the Facebook button.
I hope that I explained it well. Here is my configuration, thanks to all!!!
Hubert7
regex urllist1 ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]"
regex urllist2 ".*\.([Pp][Ii][Ff]|[Vv][Bb][Ss]|[Ww][Ss][Hh]) HTTP/1.[01]"
regex urllist3 ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]"
regex urllist4 ".*\.([Zz][Ii][Pp]|[Tt][Aa][Rr]|[Tt][Gg][Zz]) HTTP/1.[01]"
regex domainlist1 "\.facebook\.it"
regex domainlist2 "\.facebook\.*"
regex domainlist3 "*\.facebook\.*"
regex contenttype "Content-Type"
regex applicationheader "application/.*"
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
class-map type regex match-any DomainBlockList
 match regex domainlist1
 match regex domainlist2
 match regex domainlist3
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
class-map type regex match-any URLBlockList
 match regex urllist1
 match regex urllist2
 match regex urllist3
 match regex urllist4
class-map type inspect http match-all AppHeaderClass
 match response header regex contenttype regex applicationheader
class-map httptraffic
 match access-list inside_mpc
class-map type inspect http match-all BlockURLsClass
 match request uri regex class URLBlockList
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 class AppHeaderClass
  drop-connection log
 match request method connect
  drop-connection log
 class BlockDomainsClass
  reset log
 class BlockURLsClass
  reset log
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
service-policy inside-policy interface inside
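The following is an added example, not part of the original post or of Cisco's documentation: a small Python model for checking which Host header values the posted DomainBlockList patterns cover. It assumes the patterns are searched unanchored anywhere in the Host value and that `.`, `\.` and `*` behave as in Python's `re`; the host names are constructed samples.

```python
import re

# Host-header patterns copied from the posted configuration.
# domainlist3 ("*\.facebook\.*") is left out: it begins with a quantifier,
# which Python's re rejects, and its behaviour on the ASA is not assumed here.
DOMAIN_BLOCK_LIST = {
    "domainlist1": r"\.facebook\.it",
    "domainlist2": r"\.facebook\.*",
}

# Constructed Host header values (not taken from real traffic).
SAMPLE_HOSTS = [
    "www.facebook.com",                 # intended target
    "www.facebook.it",                  # intended target
    "facebook.com",                     # bare domain, no leading dot
    "static.facebook-widgets.example",  # unrelated name containing ".facebook"
    "www.example.org",                  # unrelated site
]


def matching_patterns(host):
    """Return the names of the posted patterns that match the Host value.

    Models the match-any regex class-map: one hit is enough, and each
    pattern is searched anywhere in the string (assumption of this model).
    """
    return [name for name, pattern in DOMAIN_BLOCK_LIST.items()
            if re.search(pattern, host)]


def coverage_report(hosts):
    """Map every Host value to the list of patterns that would match it."""
    return {host: matching_patterns(host) for host in hosts}


if __name__ == "__main__":
    for host, hits in coverage_report(SAMPLE_HOSTS).items():
        verdict = "MATCH   " if hits else "no match"
        print(f"{verdict}  {host:35s} {', '.join(hits)}")
```

In this model `\.facebook\.*` allows zero trailing dots, so it matches any Host value containing `.facebook`, while a bare `facebook.com` matches neither pattern because both require a leading dot.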
03-08-2011 01:11 PM
I am not sure if there is a workaround to that issue since this type of filtering is basic. For better results you should be looking at a solution that looks into the content of the website. I know Websense is able to block just the denied content and display the rest. I think the CSC-SSM is able to do that.
I hope this helps.
03-09-2011 09:26 AM
Thank you Paul
03-09-2011 10:23 AM
If things are fine, please mark the question as answered.
Have a good one.