CISCo ASA web filter using regex

AHMEDMAHMOUD · ‎02-11-2013

Dear all

i work for the folloiwng configuration to allow ssome websites for internal users , i test all the configuration and it is running ok , the point what i face is when i try to browse yahoo.com , some of the page content doesnot appear as showed down in the page . the point that i try to check what the problem but invain ,

ASA Version 8.4(2)

!

hostname ciscoasa

enable password qM2/Rr9J2rEGCCSH encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

description TO-ISP

nameif outside

security-level 0

ip address 172.16.1.2 255.255.255.0

!

interface Ethernet0/1

no nameif

no security-level

no ip address

!

interface Ethernet0/1.50

description Data-vlan

vlan 50

nameif inside1

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Ethernet0/1.60

description Wlan-Vistor-Vlan

vlan 60

nameif inside2

security-level 50

ip address 192.168.4.1 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif managament

security-level 0

ip address 192.168.5.1 255.255.255.0

management-only

!

regex domainlist10 "\.cibworld\.nl"

regex domainlist11 "\.nbe\.com"

regex domainlist20 "\mustathmir\.net"

regex domainlist12 "\.alwatany\.net"

regex domainlist21 "\holding\.com"

regex domainlist13 "\.alahlynet\.com"

regex domainlist22 "\org\.eg"

regex domainlist14 "\.imc-egypt\.org"

regex domainlist23 "\.elwatannews\.com"

regex domainlist15 "\.ida.gov\.eg"

regex domainlist16 "\itc-egypt\.org"

regex domainlist17 "\.gov\.eg"

regex domainlist18 "\eg\.com"

regex domainlist19 "\cairofair\.com"

regex domainlist1 "\.yahoo\.com"

regex domainlist2 "\.hotmail\.com"

regex domainlist4 "\.live\.com"

regex domainlist5 "\youm7*\.com"

regex domainlist6 "\.nsgb\.com"

regex domainlist7 "\.netabank\.net"

regex domainlist8 "\.google\.com"

regex domainlist9 "\.cibeg\.com"

ftp mode passive

clock timezone EEST 2

clock summer-time EEDT recurring last Fri Apr 0:00 last Fri Sep 0:00

dns domain-lookup outside

dns server-group DefaultDNS

name-server 172.16.1.1

same-security-traffic permit intra-interface

object network DataVLAN

subnet 192.168.1.0 255.255.255.0

description Data VLAN

object network Wirelessvlan

subnet 192.168.4.0 255.255.255.0

description Wireless vlan

object network test

host 192.168.1.22

description test

object network 192.168.1.8

host 192.168.1.8

object-group network Some_Internet

network-object host 192.168.1.13

network-object host 192.168.1.106

network-object host 192.168.1.6

network-object host 192.168.1.20

network-object host 192.168.1.18

network-object host 192.168.1.14

network-object host 192.168.1.12

network-object host 192.168.1.17

network-object host 192.168.1.11

network-object host 192.168.1.5

network-object host 192.168.1.7

network-object host 192.168.1.10

network-object host 192.168.1.15

network-object host 192.168.1.16

network-object object 192.168.1.8

object-group-search access-control

access-list inside1_access_in extended permit tcp any any eq telnet

access-list inside1_access_in extended permit ip any any

access-list AllowedSites extended permit tcp object-group Some_Internet any eq www

access-list AllowedSites extended permit tcp object-group Some_Internet any eq 8080 inactive

access-list AllowedSites extended deny tcp object DataVLAN any eq www

access-list AllowedSites extended deny tcp object DataVLAN any eq 8080 inactive

access-list outside_access_in extended permit icmp 172.16.1.0 255.255.255.0 any

access-list inside2_access_in extended permit ip any any

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside1 1500

mtu inside2 1500

mtu managament 1500

ip verify reverse-path interface outside

ip verify reverse-path interface managament

ip audit info action alarm drop

ip audit attack action alarm drop

icmp unreachable rate-limit 1 burst-size 1

icmp permit any outside

no asdm history enable

arp timeout 14400

!

object network DataVLAN

nat (inside1,outside) dynamic interface dns

object network Wirelessvlan

nat (inside2,outside) dynamic interface dns

!

nat (inside1,outside) after-auto source dynamic any interface

access-group outside_access_in in interface outside

access-group inside1_access_in in interface inside1

access-group inside2_access_in in interface inside2

route outside 0.0.0.0 0.0.0.0 172.16.1.1 1

timeout xlate 1:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

no user-identity enable

user-identity default-domain LOCAL

http server enable

http 192.168.5.0 255.255.255.0 managament

http 192.168.1.0 255.255.255.0 inside1

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet 192.168.1.0 255.255.255.0 inside1

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection scanning-threat

threat-detection statistics host

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

!

class-map type regex match-any Domain-Allowed-List

match regex domainlist10

match regex domainlist22

match regex domainlist21

match regex domainlist12

match regex domainlist11

match regex domainlist20

match regex domainlist14

match regex domainlist13

match regex domainlist16

match regex domainlist15

match regex domainlist18

match regex domainlist17

match regex domainlist19

match regex domainlist1

match regex domainlist2

match regex domainlist5

match regex domainlist4

match regex domainlist7

match regex domainlist6

match regex domainlist9

match regex domainlist8

match regex domainlist23

class-map inspection_default

match default-inspection-traffic

class-map type inspect http match-all asdm_high_security_methods

match not request method head

match not request method get

class-map httptraffic

match access-list AllowedSites

class-map type inspect http match-all Domain-Allowed-Class

match not request header host regex class Domain-Allowed-List

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum client auto

message-length maximum 512

policy-map type inspect http http_inspection_policy

parameters

class Domain-Allowed-Class

drop-connection log

match request method connect

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

inspect ipsec-pass-thru

class class-default

user-statistics accounting

policy-map inside-policy

class httptraffic

inspect http http_inspection_policy

!

service-policy global_policy global

service-policy inside-policy interface inside1

prompt hostname context

no call-home reporting anonymous

Cryptochecksum:0c9f3c5d28823228b53613f19e4a282b

: end

no asdm history enable

jocamare · ‎02-19-2013

Assuming you have tried the same website from different browsers and boxes, i would suggest removing the regex configuration temporarily [preferably after working hours] and try it again.

no service-policy inside-policy interface inside1 --> disables

service-policy inside-policy interface inside1 ---> enables