Hi,
I'm using an ASA5585 with Software Version 8.4(2) and Device Manager Version 6.4(5).
I'm having difficulties configuring an HTTP inspection policy on this ASA.
My firewall mode is transparent.
My main goal here is to drop connections from users originating from interface test-inside that access outside porn websites (e.g. http://xvideos.com, porntube.com, etc.).
I already configured the ASA as shown below, but this ASA still doesn't block the connection and the user from test-inside can still access the porn sites.
Here is the log when the user from test-inside accesses the porn sites.
And below is my config on the ASA:
access-list inside_mpc extended permit tcp any any eq www
regex xvideos ".*xvideos.*"
regex porn-sites ".*[Pp][Oo][Rr][Nn].*"
regex xxx-sites ".*[Xx][Xx][Xx].*"
class-map httptraffic
 match access-list inside_mpc
class-map type regex match-any block-sites
 match regex xxx-sites
 match regex xvideos
 match regex porn-sites
class-map type inspect http match-all BlockURLsClass
 match request uri regex class block-sites
!
!
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection log
 match request method connect
 class BlockURLsClass
  reset log
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
service-policy inside-policy interface test-inside
Please help.
Regards,
Handaya
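
What the posted class-map is compared against can be checked offline. The following is an added example, not part of the original post: it applies the three posted regexes to the request URI and to the Host header of two constructed requests. It assumes that `match request uri` sees only the request-target from the request line and that Python's `re` behaves like the ASA regex engine for these simple patterns.

```python
import re

# The three patterns from the posted "regex" commands (assumption: Python's re
# gives the same result as the ASA regex engine for these simple expressions).
BLOCK_SITES = {
    "xvideos": re.compile(r".*xvideos.*"),
    "porn-sites": re.compile(r".*[Pp][Oo][Rr][Nn].*"),
    "xxx-sites": re.compile(r".*[Xx][Xx][Xx].*"),
}

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, uri, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, uri, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, uri, headers

def matching_regexes(text: str):
    """Names of the block-sites regexes that match the given text."""
    return sorted(name for name, rx in BLOCK_SITES.items() if rx.search(text))

def evaluate(raw: bytes):
    """Show what a URI-based match and a Host-header-based match would see."""
    _method, uri, headers = parse_request(raw)
    host = headers.get("host", "")
    return {
        "uri": uri,
        "host": host,
        "uri_matches": matching_regexes(uri),
        "host_matches": matching_regexes(host),
    }

# Constructed sample: a browser fetching a site's front page directly (no proxy).
DIRECT = b"GET / HTTP/1.1\r\nHost: xvideos.com\r\nUser-Agent: test\r\n\r\n"
# Constructed sample: the same fetch sent to an explicit proxy (absolute-form URI).
VIA_PROXY = b"GET http://xvideos.com/ HTTP/1.1\r\nHost: xvideos.com\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("direct", DIRECT), ("via proxy", VIA_PROXY)):
        print(label, evaluate(raw))
```

For a direct (non-proxy) request the URI is only the path, so none of the patterns match it, while the Host header carries the site name. On the ASA the Host header is matched with `match request header host regex class block-sites` inside the `class-map type inspect http`.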