How to block a website on ASA?

vinayak
Level 1

Hello Everyone,

I want to block my LAN users from accessing social networking websites.

Can anyone tell me, with an example, how I can do it?

2 Replies

sachinga.hcl
Level 4

Hi Vinayak,


Can you get away with blacklisting/whitelisting just the IP addresses and/or websites that your users need to visit? If so, you can probably use just your ASA. Otherwise you're going to want a good web filtering/proxy solution. Check out IronPort, Webwasher, Blue Coat, SurfControl, or even Squid (open source).


Otherwise you can also tie the ASA directly into a filtering product like WebSense; check out the ASA documentation.


When deploying a web filtering product you can either go "inline" or transparent by using WCCP redirection, but I'd suggest against it, since it breaks normal web browser behavior. A better option is to use WPAD (web proxy auto-detect) and have your browsers point to and/or be explicitly configured to use the proxy.


You can use a combination of regex and HTTP inspection with ASA 7.2+ code to achieve this:

regex YOUTUBE "youtube\.com"

policy-map type inspect http xyz
 parameters
  protocol-violation action drop-connection log
 match request header host regex YOUTUBE
  drop-connection log

policy-map global_policy
 class inspection_default
  .
  .
  < SNIP..>
  .
  .
  inspect http xyz

Another example at
Block Certain Websites (URLs) Using Regular Expressions with MPF Configuration Examples (useful in your case for blocking sites specifically)
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940c5a.shtml

A good example can be found at
ASA and PIX using http inspection to filter URLs and Hosts in HTTP

http://www.internetworkpro.org/wiki/ASA_and_PIX_using_http_inspection_to_filter_URLs_and_Hosts_in_HTTP


Please keep in touch if you face any issues in this regard and do let me know so that I can troubleshoot it further for you.

Please rate if you find it informative.


HTH


Sachin Garg
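
A fuller version of the regex and HTTP-inspection approach from the reply above, extended to several sites and scoped to traffic entering one interface. This is an added example, not part of either reply or of Cisco's documentation; the site list, all object names and the interface name inside are assumptions.

```cisco
! Added example: names, sites and the "inside" interface are assumptions.

! One regex per site to match against the HTTP Host header.
regex SOCIAL_FACEBOOK "facebook\.com"
regex SOCIAL_TWITTER "twitter\.com"
regex SOCIAL_YOUTUBE "youtube\.com"

! Group the regexes so a single match statement covers all of them.
class-map type regex match-any SOCIAL_SITES
 match regex SOCIAL_FACEBOOK
 match regex SOCIAL_TWITTER
 match regex SOCIAL_YOUTUBE

! Layer 7 class: requests whose Host header matches any listed site.
class-map type inspect http match-all BLOCK_SOCIAL
 match request header host regex class SOCIAL_SITES

! HTTP inspection policy: drop and log matching requests.
policy-map type inspect http HTTP_FILTER
 parameters
  protocol-violation action drop-connection log
 class BLOCK_SOCIAL
  drop-connection log

! Layer 3/4 class: only cleartext HTTP on TCP/80 is handed to the inspection.
access-list INSIDE_HTTP extended permit tcp any any eq www
class-map INSIDE_HTTP_CLASS
 match access-list INSIDE_HTTP

! Apply to traffic arriving from LAN users instead of the global policy.
policy-map INSIDE_POLICY
 class INSIDE_HTTP_CLASS
  inspect http HTTP_FILTER
service-policy INSIDE_POLICY interface inside
```

Because the inspection reads the Host header of cleartext HTTP, HTTPS connections to the same sites are not matched by this policy. The patterns are unanchored, so any Host value containing one of the strings is dropped as well.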

In addition to all the options that Sachin provided, I'll add one more. If the ASA is a 5510 or higher, you can also purchase the CSC-SSM that can provide URL filtering and blocking:

http://www.cisco.com/en/US/products/ps6823/index.html

Hope that helps.

-Mike
