07-27-2010 12:21 PM - edited 03-11-2019 11:16 AM
ASA5505 running 8.0(4)
I added this code and it blocks the social sites as required.
It also blocks http://travel.state.gov in particular and possibly others per my customer.
Can you help me to see my error?
!
regex domainlist2 "\.myspace\.com"
regex domainlist3 "\.youtube\.com"
regex domainlist4 "\.facebook\.com"
regex domainlist5 "\.twitter\.com"
regex applicationheader "application/.*"
regex contenttype "Content-Type"
!
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
!
class-map type regex match-any DomainBlockList
 match regex domainlist2
 match regex domainlist3
 match regex domainlist4
 match regex domainlist5
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
class-map type inspect http match-all AppHeaderClass
 match response header regex contenttype regex applicationheader
class-map httptraffic
 match access-list inside_mpc
!
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 class AppHeaderClass
  drop-connection log
 match request method connect
  drop-connection log
 class BlockDomainsClass
  reset log
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
!
service-policy inside-policy interface inside
!
Phil
07-27-2010 02:03 PM
Hi Phil,
It looks like the AppHeaderClass class is preventing you from reaching http://travel.state.gov. I did a quick capture and see that the web server's responses contain a bunch of references to:
Content-Type: application/javascript
This would be matched by the regex you have configured. Try adjusting/removing that class and the connection should go through.
Hope that helps
-Mike
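A worked check of what Mike describes, added here as an example and not part of either post or of any Cisco tooling: it emulates the two HTTP inspection matches from Phil's config (the Content-Type value regex in AppHeaderClass and the Host regex class in BlockDomainsClass) in Python and runs them over constructed sample responses. The sample headers, the NARROWED_APPHEADER regex and the helper names are assumptions made for the example; Python's re engine is used as a stand-in for the ASA regex engine, so treat the results as an illustration of the matching logic rather than a byte-exact reproduction of ASA behaviour.

```python
import re

# Constructed sample HTTP responses (not from Mike's capture); only the headers matter here.
SAMPLE_RESPONSES = {
    "html page":    "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n",
    "javascript":   "HTTP/1.1 200 OK\r\nContent-Type: application/javascript\r\n\r\n",
    "json api":     "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n",
    "exe download": "HTTP/1.1 200 OK\r\nContent-Type: application/x-msdownload\r\n\r\n",
    "flash":        "HTTP/1.1 200 OK\r\nContent-Type: application/x-shockwave-flash\r\n\r\n",
}

# The regex pair from the thread's config: header name "Content-Type", value "application/.*".
ORIGINAL_CONTENTTYPE = r"Content-Type"
ORIGINAL_APPHEADER = r"application/.*"

# Hypothetical narrowed value regex (an assumption for this example, not something the
# thread configured): match only the download/plugin types an admin wants to drop, so
# ordinary application/javascript and application/json responses pass.
NARROWED_APPHEADER = r"application/(x-msdownload|x-shockwave-flash|octet-stream)"

# The four host regexes from the thread's DomainBlockList (match-any).
DOMAIN_LIST = [r"\.myspace\.com", r"\.youtube\.com", r"\.facebook\.com", r"\.twitter\.com"]


def parse_headers(raw):
    """Split a raw HTTP response into (name, value) header tuples, dropping the status line."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers


def response_header_matches(raw, name_regex, value_regex):
    """Emulate 'match response header regex <name> regex <value>': true when any header
    whose name matches name_regex carries a value matching value_regex."""
    for name, value in parse_headers(raw):
        if re.search(name_regex, name) and re.search(value_regex, value):
            return True
    return False


def dropped_by(value_regex, responses=SAMPLE_RESPONSES):
    """Return the sorted labels of sample responses AppHeaderClass would drop."""
    return sorted(
        label for label, raw in responses.items()
        if response_header_matches(raw, ORIGINAL_CONTENTTYPE, value_regex)
    )


def host_blocked(host, domain_regexes=DOMAIN_LIST):
    """Emulate BlockDomainsClass: the Host header value tested against the match-any class."""
    return any(re.search(rx, host) for rx in domain_regexes)


if __name__ == "__main__":
    print("original regex drops:", dropped_by(ORIGINAL_APPHEADER))
    print("narrowed regex drops:", dropped_by(NARROWED_APPHEADER))
    for host in ["www.facebook.com", "facebook.com", "travel.state.gov"]:
        print(host, "blocked" if host_blocked(host) else "allowed")
```

Running it shows the original "application/.*" dropping the javascript and JSON responses along with the downloads, which is exactly why a site built on application/javascript assets stops loading, while the narrowed regex drops only the two plugin/download types. The host check also surfaces a caveat worth knowing about the domain regexes as written: "\.facebook\.com" requires a leading dot, so www.facebook.com is reset but a bare Host: facebook.com is not.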
07-27-2010 03:16 PM
Mike,
Thanks for the reply. That did the trick. My problem is I'm not a MicroSquish person - that dates me as it is - so I did not know where to start. I'll delve more into MPF because I know I need it for much more too.
Phil