12-04-2013 08:35 AM - edited 03-11-2019 08:12 PM
I'M TRYING TO FILTER IN MY FWSM URLS
I have some problems because all my https traffic is being discarded.
The configurations are below:
class-map inside1-class
 match port tcp eq https
!
!
policy-map type inspect http URL
 description URL
 parameters
  protocol-violation action drop-connection
 match request uri regex FACEBOOK
  drop-connection log
 match request uri regex YOUTUBE
  drop-connection log
policy-map inside1-policy
 class inside1-class
  inspect http URL
!
service-policy inside1-policy interface inside1
Any good indications will be appreciated
12-04-2013 11:58 AM
Hello Jose,
You are matching HTTPS traffic. This will not work, as that traffic will be encrypted and the ASA will not be able to decrypt that traffic, as it's not working as a proxy.
For HTTPS content filtering you need to have a dedicated server such as a Websense box.
Regards,
Jcarvaja
12-04-2013 12:03 PM
Hello Julio,
I did it, man,
using the following script:
regex domainlist16 "\.sharing-file\.com"
regex domainlist17 "\.keepandshare\.com"
regex domainlist18 "\.kazaa\.com"
regex domainlist19 "\.zeropaid\.com"
regex domainlist20 "\.daniweb\.com"
regex domainlist21 "\.megashare\.com"
regex domainlist22 "\.ahlyegypt\.com"
regex domainlist23 "\.ultrareach\.net"
regex domainlist24 "\.wujie\.net"
regex domainlist25 "\.tv2free\.com"
regex domainlist26 "\.sharereactor\.com"
regex domainlist27 "\.youporn\.com"
class-map type regex match-any DomainBlockList
 match regex domainlist1
 match regex domainlist2
 match regex domainlist3
 match regex domainlist4
 match regex domainlist5
 match regex domainlist6
 match regex domainlist7
 match regex domainlist8
 match regex domainlist9
 match regex domainlist10
 match regex domainlist11
 match regex domainlist12
 match regex domainlist13
 match regex domainlist14
 match regex domainlist15
 match regex domainlist16
 match regex domainlist17
 match regex domainlist18
 match regex domainlist19
 match regex domainlist20
 match regex domainlist21
 match regex domainlist22
 match regex domainlist23
 match regex domainlist24
 match regex domainlist25
 match regex domainlist26
 match regex domainlist27
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
######################################################################################################################
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
class-map httptraffic
 match access-list inside_mpc
######################################################################################################################
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 class BlockDomainsClass
  reset log
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
######################################################################################################################
service-policy inside-policy interface inside
The main problem that I had is that the client can still visit Facebook using
https:facebook.com
If I add in the ACL
access-list inside_mpc extended permit tcp any any eq 443
all my HTTPS traffic goes down.
12-04-2013 12:08 PM
Hello,
Okay, so just to end this: it will not work, as the content will be encrypted, bud.
Sorry to let you know that.
You need a content device capable of doing it.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
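Why adding tcp/443 to inside_mpc takes all HTTPS traffic down, as an added example that is not from the thread and is not Cisco's code: a simplified Python model of the inspection policy posted above, showing that the first bytes of a TLS session never parse as an HTTP request, so the Host regexes are never evaluated and the protocol-violation action applies instead. The function name, the method list and the sample bytes are assumptions made for illustration.

```python
import re

# Patterns copied from the thread's "regex domainlistNN" lines (a subset).
DOMAIN_BLOCKLIST = [re.compile(p) for p in (
    r"\.kazaa\.com", r"\.megashare\.com", r"\.sharereactor\.com")]
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")

# Constructed samples: two cleartext requests (tcp/80) and the start of a
# TLS session (tcp/443): a handshake record header plus opaque filler bytes.
HTTP_BLOCKED = b"GET / HTTP/1.1\r\nHost: www.kazaa.com\r\n\r\n"
HTTP_ALLOWED = b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
TLS_RECORD = b"\x16\x03\x01\x00\x40" + bytes(range(0x80, 0xC0))


def inspect_first_segment(payload: bytes) -> str:
    """Action a simplified HTTP inspector (hypothetical model, not the
    firewall's real engine) takes on the first client bytes of a connection."""
    line, _, rest = payload.partition(b"\r\n")
    parts = line.split(b" ")
    # Anything that is not "<METHOD> <uri> HTTP/x.y" models
    # 'protocol-violation action drop-connection'.
    if (len(parts) != 3 or parts[0] not in HTTP_METHODS
            or not parts[2].startswith(b"HTTP/")):
        return "drop-connection (protocol violation)"
    # Models 'match request header host regex class DomainBlockList'
    # followed by 'reset log'.
    for header in rest.split(b"\r\n"):
        name, _, value = header.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
            if any(rx.search(host) for rx in DOMAIN_BLOCKLIST):
                return "reset (host matched)"
    return "allow"


if __name__ == "__main__":
    samples = (("tcp/80 blocked host", HTTP_BLOCKED),
               ("tcp/80 other host", HTTP_ALLOWED),
               ("tcp/443 TLS record", TLS_RECORD))
    for label, data in samples:
        print(f"{label:20} -> {inspect_first_segment(data)}")
```

In this model the TLS case is dropped whatever the destination is, which matches the symptom reported in the thread: the policy cannot single out one HTTPS site, it can only reject everything that is not cleartext HTTP.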
12-04-2013 01:43 PM
Thanks man,
After some hours of searching, and feeling angry that there are cheaper servers on Linux that can do this, I recognize you're correct. Thanks for your help.
Regards
12-04-2013 01:51 PM
Hello Jose,
Hey man, my pleasure to help.
Have a great day.
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com