I see many posts about how to block a single website, but I want to do the opposite. I would like to block all websites except for a handful of them. Does anyone have any example configs?
You could place an ACL on the inside interface like this:
access-list inside_to_out permit tcp any host xxxxxx eq 80
access-list inside_to_out permit tcp any host yyyyy eq 80
access-list inside_to_out permit tcp any host zzzzz eq 80
access-list inside_to_out deny tcp any any eq 80
Where the xxxx and yyy and zzzz are the few IP addresses of the web servers you want to allow access to.
Can I use URLs? What about someone using HTTPS? I am thinking of checking out the Cisco IronPort device for blocking. Do you think that is overkill? I also see Websense integrates with the ASA, I might go that route...
Yes, you should be able to:
Of course, you will need to create some sort of regex that will deny all the websites such as *.com, but first of course permit the websites you want.
Another option will be using FQDN ACLs (only supported on version 8.4.2 and higher). Here is the example.
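An FQDN-based version of the allow-list ACL for ASA 8.4.2 or later, as an added example that is not part of the original thread. The object names, hostnames, DNS server address and the `outside` interface name are placeholders or assumptions.

```cisco
! Added example (not from the thread). All names and addresses are placeholders.
! The ASA resolves FQDN objects itself, so it needs DNS lookups enabled.
! Assumption: the DNS server is reached through an interface named "outside".
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.0.2.53
!
! One network object per allowed site.
object network OBJ-ALLOWED-SITE1
 fqdn www.example.com
object network OBJ-ALLOWED-SITE2
 fqdn www.example.org
!
! Assumption: inside clients use a resolver beyond the inside interface.
access-list inside_to_out extended permit udp any any eq domain
!
! Permit the allowed sites first, for both HTTP and HTTPS.
access-list inside_to_out extended permit tcp any object OBJ-ALLOWED-SITE1 eq www
access-list inside_to_out extended permit tcp any object OBJ-ALLOWED-SITE1 eq https
access-list inside_to_out extended permit tcp any object OBJ-ALLOWED-SITE2 eq www
access-list inside_to_out extended permit tcp any object OBJ-ALLOWED-SITE2 eq https
!
! Then deny all other web traffic. The implicit deny at the end of the ACL
! also drops anything else that is not explicitly permitted above.
access-list inside_to_out extended deny tcp any any eq www
access-list inside_to_out extended deny tcp any any eq https
!
! Apply the ACL inbound on the inside interface.
access-group inside_to_out in interface inside
```

Because the ASA matches on the addresses it resolves for each name, the same objects cover HTTPS without inspecting the URL. Clients must resolve the names to the same addresses the ASA does, so sites served from many rotating addresses may match inconsistently.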