How to allow a few URLs and block others on Cisco ASA 5510

Hardik Vaidh
Level 1
How to allow a few URLs and block others on Cisco ASA 5510

Eugene Korneychuk
Cisco Employee

Hello Hardik,

In this example we will allow only cisco.com, and block everything else:

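! Pattern matched against the HTTP Host header
regex allowex2 "cisco\.com"

! Matches any request whose Host header does NOT match the allowed pattern
class-map type inspect http match-all allow-url-class
 match not request header host regex allowex2

! Drop and log the connections selected by the class above
policy-map type inspect http allow-url-policy
 parameters
 class allow-url-class
  drop-connection log

! Attach the HTTP inspection policy to the global policy
policy-map global_policy
 class inspection_default
  inspect http allow-url-policy

service-policy global_policy global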

Hope it helps

Thanks.

Are both HTTP and HTTPS blocked?

Hello Hardik,

Only HTTP.

HTTPS filtering is not supported on ASA. ASA cannot do deep packet inspection or inspection based on regular expressions for HTTPS traffic, because in HTTPS the content of the packet is encrypted (SSL).

You can also use URL filtering to direct specific traffic to an external filtering server, such as a Secure Computing SmartFilter (formerly N2H2) or Websense filtering server. Long URL, HTTPS, and FTP filtering can now be enabled using both Websense and Secure Computing SmartFilter for URL filtering. Filtering servers can block traffic to specific sites or types of sites, as specified by the security policy.

For more information on URL filters, refer to the following URLs:

http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/filter.html#wp1042606

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008088517b.shtml

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

Please, rate helpful posts

Thanks a lot, dear...

I have more than two remote sites, and I want to block and allow URLs at each center, but every center has different requirements. So is it possible in one Cisco 5510 ASA for multiple locations?

You can configure different regexes for different requirements.
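
One way to lay out the per-site approach suggested above, as an added example that is not from the original thread: each site is selected by its source subnet and gets its own allowed-host regex and HTTP inspection policy. The subnets, the object names and example.org are constructed placeholders, and as stated earlier in the thread this covers HTTP only, not HTTPS.

```cisco
! Added example. Subnets, names and example.org are constructed placeholders.
! Assumption: "inspect http" is not also configured under class
! inspection_default, because a packet is handled by only the first
! class in a policy map that applies a given inspection.

! One allowed-host pattern per site
regex site-a-allow "cisco\.com"
regex site-b-allow "example\.org"

! Select each site's HTTP traffic by source subnet
access-list SITE-A-HTTP extended permit tcp 10.1.0.0 255.255.0.0 any eq www
access-list SITE-B-HTTP extended permit tcp 10.2.0.0 255.255.0.0 any eq www

class-map site-a-traffic
 match access-list SITE-A-HTTP
class-map site-b-traffic
 match access-list SITE-B-HTTP

! Per site: match requests whose Host header is NOT on that site's list
class-map type inspect http match-all site-a-block-class
 match not request header host regex site-a-allow
class-map type inspect http match-all site-b-block-class
 match not request header host regex site-b-allow

policy-map type inspect http site-a-http-policy
 parameters
 class site-a-block-class
  drop-connection log
policy-map type inspect http site-b-http-policy
 parameters
 class site-b-block-class
  drop-connection log

! Bind each site's traffic class to its own HTTP policy
policy-map global_policy
 class site-a-traffic
  inspect http site-a-http-policy
 class site-b-traffic
  inspect http site-b-http-policy

service-policy global_policy global
```

HTTP traffic from a source outside both subnets matches neither class, so it is not filtered by these policies.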

OK, thanks, will check. Thanks a lot.
