You can do this by using URL

Samrat Bose · ‎10-25-2015

Hello Experts,

I want to block access to a website which is running on multiple IP addresses (changes every time) but keep the following points in account:

a) I'm using ASA 5505 and other Cisco switches

b) I don't have any content filters like Websense linked with the ASA 5505

c) I have already tried using ACL by denying the entire IP block of the target website, but that results to blocking of some legitimate websites (because the hosting company uses the same network range to host other websites too, which are essential and needful).

Please help me by giving some suggestions regarding how can I do this with ACL, if possible. I know that may be if I adopt using content filters, it will yield my desired result, but still looking for some expert opinions.

Thanks in advance.

Samrat Bose.

Marius Gunnerud · ‎10-26-2015

You can do this by using URL filtering using Regex. Something like the following to drop anything in the yahoo.com domain:

regex BLOCKED_REG "yahoo\.com"

class-map type inspect http match-any BLOCKED_CLASS
match request uri regex BLOCKED_REG

policy-map type inspect http BLOCKED_POLICY
parameters
class BLOCKED_CLASS
drop-connection log

policy-map global_policy
class inspection_default
inspect http block BLOCK_POLICY

service-policy global_policy global

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

How to block access to any website which is running on different IP addresses?