Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
996
Views
0
Helpful
3
Replies

Block domainlist by regex

ramatoulaye.hane1
Level 1
Level 1

‎10-17-2018 03:29 AM - edited ‎02-21-2020 08:21 AM

Dear All,

 

I am using URL filter by regex on my ASA 5525 version 9.2(2)4 but it's not working. The domains are not blocked. Please find in attachment the config I used

 

 

 

Preview file
1 KB
0 Helpful
3 Replies 3

ramatoulaye.hane1
Level 1
Level 1

‎10-17-2018 05:14 AM

Dears Support,

Thank in advance for your support.

0 Helpful

mikael.lahtela
Level 4
Level 4
In response to ramatoulaye.hane1

‎10-17-2018 12:35 PM

Hi,

I think the problem is that url is TLS encrypted so I don't think you can block it.
Try with a domain that works with HTTP traffic to see if you have done it correctly.

br, Micke
0 Helpful

ramatoulaye.hane1
Level 1
Level 1
In response to mikael.lahtela

‎10-18-2018 02:20 AM

Hi Michael,

 Thank for your feedback. I try with another domain http but still the same. Below the config. The traffic is from inside to outside.

 

regex speedtest "\.speedtest\.net"
class-map type regex match-any DomainBlockList
  match regex speedtest
class-map type inspect http match-all BlockDomainsClass
match request header host regex class DomainBlockList
policy-map type inspect http http_inspection_policy
parameters
protocol-violation action drop-connection
class BlockDomainsClass
reset log

access-list 103 extended permit ip any4 any4

class-map httptraffic
match access-list 103

policy-map inside-policy
class httptraffic
inspect http http_inspection_policy

service-policy inside-policy interface inside

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card