Beginner

How to block website Cisco ASA using MPF?

Hi everyone,

Our firewall is currently on code 8.2. I want to know how to block a specific website using MPF and dropping the DNS query.

I am able to block it for the whole inside network but not for a specific IP address or group of IPs.

Here is the code I am using.

name 192.168.66.25 dummy-user
! ACL that identifies traffic to or from the single host
access-list dummy-user-rl extended permit ip any host dummy-user
access-list dummy-user-rl extended permit ip host dummy-user any
global (outisde) 17 201.xxx.yyy.zzz
nat (inside) 17 dummy-user 255.255.255.255
!
! Regex for the domain to block
regex domain_netflix.com "\.netflix\.com"
!
! Layer 3/4 class map selecting the host's traffic
class-map dummy-user-rl
 match access-list dummy-user-rl
!
! DNS inspection class map matching the queried domain name
class-map type inspect dns match-all cm-dbl
 description Blocked Domains
 match domain-name regex domain_netflix.com
!
policy-map type inspect dns dns-inspect-pm
 parameters
  message-length maximum 512
 match domain-name regex domain_netflix.com
 class cm-dbl
  drop log
!
! Apply policing and the DNS inspection policy to the host's class
policy-map global_policy
 class dummy-user-rl
  police input 4000000 12375
  police output 4000000 12375
  inspect dns dns-inspect-pm
!
service-policy global_policy global

3 Replies
VIP Expert

So you are looking to block this URL only for a specific IP, is this correct?

If so, please refer to the document below; it should help you resolve this.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100513-ASARegexp.html#req

 



BB


*** Rate All Helpful Responses ***


The link you shared is about OS version >=8.3. I am using version 8.2.

VIP Advisor

Try the following:

regex block-netflix.com "netflix\.com"
!
class-map type regex match-any DOMAIN-BLOCK
 match regex block-netflix.com
!
policy-map type inspect dns dns-inspect-pm
 match domain-name regex class DOMAIN-BLOCK
  drop-connection log
!
policy-map global_policy
 class dummy-user-rl
  police input 4000000 12375
  police output 4000000 12375
  inspect dns dns-inspect-pm
!
service-policy global_policy global

 

--
Please remember to select a correct answer and rate helpful posts
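To see which query names each of the two regexes in this thread actually catches before deploying the block, here is an added Python check (not from the thread or from Cisco). It emulates the ASA's unanchored regex search with Python's re, which is an assumption that holds for these simple patterns; the query names are constructed samples.

```python
import re

# The two regexes posted in the thread (a backslash escapes the dot).
REGEX_OP = r"\.netflix\.com"     # original post: "\.netflix\.com"
REGEX_REPLY = r"netflix\.com"    # VIP Advisor's reply: "netflix\.com"


def asa_regex_matches(pattern: str, qname: str) -> bool:
    """Emulate 'match domain-name regex': an unanchored search of the
    pattern anywhere in the queried name. Assumption: Python's re gives
    the same result as the ASA engine for these simple patterns."""
    return re.search(pattern, qname) is not None


def domain_blocked(qname: str, patterns) -> bool:
    """Emulate 'class-map type regex match-any': blocked if any regex hits."""
    return any(asa_regex_matches(p, qname) for p in patterns)


# Constructed sample DNS query names, not taken from the thread.
SAMPLE_QNAMES = [
    "netflix.com",              # apex domain
    "www.netflix.com",          # host under the domain
    "api-global.netflix.com",
    "notnetflix.com",           # unrelated domain containing the string
    "netflix.company.example",  # unrelated domain, also contains it
    "example.com",
]


def compare(qnames=SAMPLE_QNAMES):
    """Return {qname: (blocked by the OP regex, blocked by the reply regex)}."""
    return {q: (domain_blocked(q, [REGEX_OP]), domain_blocked(q, [REGEX_REPLY]))
            for q in qnames}


if __name__ == "__main__":
    for q, (op, reply) in compare().items():
        print(f"{q:26} op={op!s:5} reply={reply!s:5}")
```

The OP's pattern misses the apex name `netflix.com`, while the reply's pattern also catches unrelated names that merely contain `netflix.com`, so verify the query names you expect to drop against the regex before applying it.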