Showing results for 
Search instead for 
Did you mean: 


CISCo ASA web filter using regex

Dear all

i work for the folloiwng configuration to allow ssome websites for internal users , i test all the configuration and it is running ok , the point what i face is when i try to browse , some of the page content doesnot appear as showed down in the page . the point that i try to check what the problem but invain ,

ASA Version 8.4(2)


hostname ciscoasa

enable password qM2/Rr9J2rEGCCSH encrypted

passwd 2KFQnbNIdI.2KYOU encrypted



interface Ethernet0/0

description TO-ISP

nameif outside

security-level 0

ip address


interface Ethernet0/1

no nameif

no security-level

no ip address


interface Ethernet0/1.50

description Data-vlan

vlan 50

nameif inside1

security-level 100

ip address


interface Ethernet0/1.60

description Wlan-Vistor-Vlan

vlan 60

nameif inside2

security-level 50

ip address


interface Ethernet0/2


no nameif

no security-level

no ip address


interface Ethernet0/3


no nameif

no security-level

no ip address


interface Management0/0

nameif managament

security-level 0

ip address



regex domainlist10 "\.cibworld\.nl"

regex domainlist11 "\.nbe\.com"

regex domainlist20 "\mustathmir\.net"

regex domainlist12 "\.alwatany\.net"

regex domainlist21 "\holding\.com"

regex domainlist13 "\.alahlynet\.com"

regex domainlist22 "\org\.eg"

regex domainlist14 "\.imc-egypt\.org"

regex domainlist23 "\.elwatannews\.com"

regex domainlist15 "\\.eg"

regex domainlist16 "\itc-egypt\.org"

regex domainlist17 "\.gov\.eg"

regex domainlist18 "\eg\.com"

regex domainlist19 "\cairofair\.com"

regex domainlist1 "\.yahoo\.com"

regex domainlist2 "\.hotmail\.com"

regex domainlist4 "\.live\.com"

regex domainlist5 "\youm7*\.com"

regex domainlist6 "\.nsgb\.com"

regex domainlist7 "\.netabank\.net"

regex domainlist8 "\.google\.com"

regex domainlist9 "\.cibeg\.com"

ftp mode passive

clock timezone EEST 2

clock summer-time EEDT recurring last Fri Apr 0:00 last Fri Sep 0:00

dns domain-lookup outside

dns server-group DefaultDNS


same-security-traffic permit intra-interface

object network DataVLAN


description Data VLAN

object network Wirelessvlan


description Wireless vlan

object network test


description test

object network


object-group network Some_Internet

network-object host

network-object host

network-object host

network-object host

network-object host

network-object host

network-object host

network-object host

network-object host

network-object host

network-object host

network-object host

network-object host

network-object host

network-object object

object-group-search access-control

access-list inside1_access_in extended permit tcp any any eq telnet

access-list inside1_access_in extended permit ip any any

access-list AllowedSites extended permit tcp object-group Some_Internet any eq www

access-list AllowedSites extended permit tcp object-group Some_Internet any eq 8080 inactive

access-list AllowedSites extended deny tcp object DataVLAN any eq www

access-list AllowedSites extended deny tcp object DataVLAN any eq 8080 inactive

access-list outside_access_in extended permit icmp any

access-list inside2_access_in extended permit ip any any

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside1 1500

mtu inside2 1500

mtu managament 1500

ip verify reverse-path interface outside

ip verify reverse-path interface managament

ip audit info action alarm drop

ip audit attack action alarm drop

icmp unreachable rate-limit 1 burst-size 1

icmp permit any outside

no asdm history enable

arp timeout 14400


object network DataVLAN

nat (inside1,outside) dynamic interface dns

object network Wirelessvlan

nat (inside2,outside) dynamic interface dns


nat (inside1,outside) after-auto source dynamic any interface

access-group outside_access_in in interface outside

access-group inside1_access_in in interface inside1

access-group inside2_access_in in interface inside2

route outside 1

timeout xlate 1:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

no user-identity enable

user-identity default-domain LOCAL

http server enable

http managament

http inside1

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

telnet inside1

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection scanning-threat

threat-detection statistics host

threat-detection statistics port

threat-detection statistics protocol

threat-detection statistics access-list

no threat-detection statistics tcp-intercept



class-map type regex match-any Domain-Allowed-List

match regex domainlist10

match regex domainlist22

match regex domainlist21

match regex domainlist12

match regex domainlist11

match regex domainlist20

match regex domainlist14

match regex domainlist13

match regex domainlist16

match regex domainlist15

match regex domainlist18

match regex domainlist17

match regex domainlist19

match regex domainlist1

match regex domainlist2

match regex domainlist5

match regex domainlist4

match regex domainlist7

match regex domainlist6

match regex domainlist9

match regex domainlist8

match regex domainlist23

class-map inspection_default

match default-inspection-traffic

class-map type inspect http match-all asdm_high_security_methods

match not request method head

match not request method get

class-map httptraffic

match access-list AllowedSites

class-map type inspect http match-all Domain-Allowed-Class

match not request header host regex class Domain-Allowed-List



policy-map type inspect dns preset_dns_map


message-length maximum client auto

message-length maximum 512

policy-map type inspect http http_inspection_policy


class Domain-Allowed-Class

drop-connection log

match request method connect

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

inspect ip-options

inspect ipsec-pass-thru

class class-default

user-statistics accounting

policy-map inside-policy

class httptraffic

inspect http http_inspection_policy


service-policy global_policy global

service-policy inside-policy interface inside1

prompt hostname context

no call-home reporting anonymous


: end

no asdm history enable

yahoo after regex.png


Assuming you have tried the same website from different browsers and boxes, i would suggest removing the regex configuration temporarily [preferably after working hours] and try it again.

no service-policy inside-policy interface inside1 --> disables

service-policy inside-policy interface inside1 ---> enables