07-08-2010 06:09 AM - edited 03-11-2019 11:08 AM
I would like to write a policy on the ASA to block any URL with the word "facebook" in it, except for www.facebook.com, so www.wwfacebook.com and www.wwwfacebook.com would be blocked but www.facebook.com would not.
I believe the blocking policy should look like the one below, but I am unsure how I should create an exception to allow www.facebook.com.
! Regex to match: ASA regex has no "/.../" delimiters, so the slashes in
! "/facebook/" would be matched literally; the bare word is what is meant here.
regex blockex1 "facebook"
!
! HTTP inspection class: match the regex against the request-line URI
class-map type inspect http match-any block-url-class
 match request uri regex blockex1
!
! HTTP inspection policy: drop and log connections that hit the class
policy-map type inspect http block-url-policy
 parameters
 class block-url-class
  drop-connection log
!
! Hook the HTTP inspection policy into the default global policy
policy-map global_policy
 class inspection_default
  inspect http block-url-policy
!
service-policy global_policy global
07-08-2010 08:54 AM
You can create a more specific regex that will match www.facebook.com and put that policy first in the MPF policy-map. When this traffic is matched (i.e. when someone goes to www.facebook.com), this class of traffic will be matched first and will allow that connection. When the user attempts to go to any other website with 'facebook' in the URL, it will NOT match the first policy (for www.facebook.com) but will match the second policy (matching 'facebook' anywhere else in the URL) and will be dropped.
Best Regards,
Kevin
07-08-2010 09:32 AM
Great, but what action do I apply to the permitted traffic, as there is no forward or permit?
07-08-2010 11:40 AM
No need to put an action for the 'www.facebook.com' instance; leaving the policy blank should do the trick.
Hope this helps!
Best Regards,
Kevin
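The two replies above describe the whole technique: a more specific "allow" class listed first with no action, followed by the broad "block" class with drop-connection. The configuration below is an added worked example assembled from that description; it is not from the original thread or from the linked Cisco document. All object names (ALLOW_FACEBOOK_HOST, BLOCK_FACEBOOK_ANY, ALLOW_FACEBOOK_CLASS, BLOCK_FACEBOOK_CLASS, FACEBOOK_POLICY) are assumptions chosen for illustration. The allow regex matches the Host header rather than the URI, because for a normal browser request the hostname is carried in the Host header and the request-line URI holds only the path.

```cisco
! Added example (assumed names), not the original poster's configuration.
!
! Allow regex: anchored at the start of the Host header with the dots
! escaped, so "www.wwfacebook.com" and "www.wwwfacebook.com" do not match.
! Caveat: this is only a prefix match; a host such as
! www.facebook.com.example.test would still match it.
regex ALLOW_FACEBOOK_HOST "^www\.facebook\.com"
!
! Block regex: the bare word, unanchored, matches anywhere.
regex BLOCK_FACEBOOK_ANY "facebook"
!
! Class for the one host that is permitted.
class-map type inspect http match-all ALLOW_FACEBOOK_CLASS
 match request header host regex ALLOW_FACEBOOK_HOST
!
! Class for "facebook" anywhere in the Host header or in the URI.
class-map type inspect http match-any BLOCK_FACEBOOK_CLASS
 match request header host regex BLOCK_FACEBOOK_ANY
 match request uri regex BLOCK_FACEBOOK_ANY
!
! Classes are evaluated in the order listed. The allow class comes first
! and carries no action, so a request that matches it is inspected and
! forwarded. Everything else containing "facebook" falls through to the
! block class and is dropped and logged.
policy-map type inspect http FACEBOOK_POLICY
 parameters
 class ALLOW_FACEBOOK_CLASS
 class BLOCK_FACEBOOK_CLASS
  drop-connection log
!
! Attach the HTTP inspection policy to the default global service policy.
policy-map global_policy
 class inspection_default
  inspect http FACEBOOK_POLICY
!
service-policy global_policy global
```

Two checks a practitioner should make before relying on this: first, `inspect http` only sees cleartext HTTP on the ports the inspection_default class covers, so an HTTPS session to the same sites is never examined by this policy; second, confirm the ordering on the running device with `show running-config policy-map type inspect http FACEBOOK_POLICY`, since the allow class must appear above the block class for the exception to work.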
07-08-2010 11:45 AM
Hello,
Please check out the example configurations in the link below:
https://supportforums.cisco.com/docs/DOC-1268;jsessionid=04C0678692F3EDA69D5921326AEC1195.node0
Hope this helps you in configuring the allow part.
Regards,
NT