The practical applicaiton for this is so clever students cannot bypass our DNS-based internet filter (as implemented by systems like DNS Redirector, OpenDNS, and others)
Basically I need to ensure only a URL will a domain name will load, but not a URL with an IP address. There is no good reason anyone should be accessing sites by IP in our environment, in the rare case we need that I would make a DNS record for it.
Based on the above I have experienced...
blockex1 - works for blocking any URL with /test/ in it, ok, so I know my regex blocking is possible/working
blockex2 - works for blocking any URL with cisco.com in it, ok, so I know my regex blocking is possible/working
blockex3 blocks everything, nobody can surf anywhere, not what I want
blockex4 blocks everything, nobody can surf anywhere, not what I want
blockex6 does nothing, not what I want
blockex7 does nothing, not what I want
Any suggestions?? I tried different variants becuase I could not verify if all special meaning regex characters were supported by the ASA.
Currently the only way I am able to accomplish this is with a BHO object in the browser, changes to which are locked out by AD group-policy, but I have only found this solution for IE - I'd like to provide other browsers :-/
Our DNS-based blacklist has over 12000 keywords, blocking even more than that in currently active domain-names and even future, yet to be registered, suspicious domains. Adding these all to the ASA is not practical.
Is there any other network appliance that can do this? Or have I uncovered a bug in ASA's filtering URLs via regex?
It would seem that regex blocking should never include the http:// or https:// part of the URL, is that correct? can someone confirm that's how it's supposed to work on the ASA?
If I turn on logging in ASDM I can see my URLs with a domain, or with an IP, go flying by, but I always notice that an IP is out in front before the http:// is the whole line being checked against a regex? If that's the case, I think it's broken, but I can see why everything would come up blocked with a regex like "\d+\.\d+\.\d+\.\d+" then.
We’re excited to announce new capabilities with Secure Endpoint that allow you to simplify your security and maximize your security operations: Unify your security stack and reduce agent fatigue with Cisco Secure Client; harness integrated risk-based vuln...
Listen: https://smarturl.it/CCRS8E47 Follow us: twitter.com/ciscochampions
Ransomware, fileless malware, and zero-day attacks continue to target organizations around the world. In response, organizations have resorted to deploying a variety of d...
This is a general information page for Cisco Threat Centric (TC-NAC) with ISE
Threat Centric Network Access Control (TC-NAC) feature enables you to create authorization policies based on the threat and vulnerability attributes received from the th...
The 2021 IT Blog Awards, hosted by Cisco, is now open for submissions. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco.com/c/en/us/t...
Cisco Secure Endpoint (formerly AMP for Endpoints) will decommission legacy cloud servers, which results in Legacy Windows Connector Versions 3.x/4.x and Mac Connector Version 1.0.x ceasing to ...