Regex expression to block certain URL's.

Sundeep Dsouza
Level 1

Hi,

I am trying to block certain URL paths within a website. For example, I would want to block any request to www.asdf.com/test/input.asp, while other requests like www.asdf.com should be accepted.

I tried building a regex to match test/input.asp and the regex test says match succeeded; however, after applying it via service policy the URL still works. The following regex has been applied to match test/input.asp:

.+\/test\/input\.asp

Where could I be wrong?

Regards

Please paste your complete filtering config. And be aware that it can't work if you access the site with HTTPS. Are you on the ASA or on an IOS router?

Sent from Cisco Technical Support iPad App

Hi Karsten,

The filtering config reads like the following:

regex Block-test ".+\/test\/input\.asp"

access-list outside_mpc extended permit ip any host 2.2.2.2

class-map outside-class
 match access-list outside_mpc

policy-map type inspect http Block-test
 parameters
 match request uri regex Block-test
  drop-connection log

policy-map outside-policy
 class outside-class
  inspect http Block-test

service-policy outside-policy interface outside

It's not an HTTPS connection and the configuration is on the ASA.

Regards

Your regex has to be the following:

regex Block-test "\/test\/input\.asp"

The URI doesn't include the FQDN, so there is nothing to match before the "/test ...".

And is your ASA on version <= 8.2? If not, the IP in the ACL has to be the real IP.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
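
The following added example (not from the thread or from Cisco) reproduces the point of the accepted answer: the `match request uri` check sees only the request-target from the HTTP request line (origin-form, e.g. `/test/input.asp`), not the host name, so the leading `.+` in the original regex has nothing to consume and the match fails. The request lines are constructed samples; the matching semantics are modelled with `re.search`, on the assumption that the ASA regex is unanchored like most inspection engines.

```python
import re

# Constructed sample request lines (not captured traffic).
REQUEST_LINES = [
    "GET /test/input.asp HTTP/1.1",                      # origin-form, what the ASA inspects
    "GET /test/input.asp?id=5 HTTP/1.1",                 # same path with a query string
    "GET /test/input.aspx HTTP/1.1",                     # longer path that still contains the text
    "GET /index.html HTTP/1.1",                          # unrelated path, must stay allowed
    "GET http://www.asdf.com/test/input.asp HTTP/1.1",   # absolute-form (proxy style) target
]

ORIGINAL_REGEX = r".+\/test\/input\.asp"   # from the question: requires >= 1 char before /test
CORRECTED_REGEX = r"\/test\/input\.asp"    # from the accepted answer


def request_uri(request_line: str) -> str:
    """Return the request-target field of an HTTP request line.

    This is the only field the 'match request uri' check looks at; the FQDN lives in
    the Host header (or in the request-target only for absolute-form requests).
    """
    _method, target, _version = request_line.split(" ", 2)
    return target


def uri_matches(pattern: str, uri: str) -> bool:
    """Unanchored substring match, modelling the inspection regex (assumption)."""
    return re.search(pattern, uri) is not None


def evaluate(pattern: str) -> dict:
    """Map each sample request-target to True (would be dropped) or False (allowed)."""
    return {request_uri(line): uri_matches(pattern, request_uri(line)) for line in REQUEST_LINES}


if __name__ == "__main__":
    for name, pattern in (("original", ORIGINAL_REGEX), ("corrected", CORRECTED_REGEX)):
        print(f"{name}: {pattern}")
        for uri, hit in evaluate(pattern).items():
            print(f"  {'DROP ' if hit else 'allow'} {uri}")
```

Note that the corrected pattern is a substring match, so `/test/input.aspx` is dropped as well; tighten the pattern if that is not intended.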

It worked, thanks a lot.

Regards
