02-12-2013 11:06 PM - edited 03-11-2019 06:00 PM
Hi,
I am trying to block certain URL paths within a website. For example, I would want to block any request to www.asdf.com/test/input.asp; other requests, like www.asdf.com, should be accepted.
I tried building a regex to match test/input.asp and the regex test says the match succeeded; however, after applying it via service policy, the URL still works. The following regex has been applied to match test/input.asp:
.+\/test\/input\.asp
Where could I be wrong?
Regards
Labels: NGFW Firewalls
Accepted Solutions
02-13-2013 12:32 AM
Your regex has to be the following:
regex Block-test "\/test\/input\.asp"
The URI doesn't include the FQDN, so there is nothing to match before the "/test ..."
And is your ASA on version <= 8.2? If not, the IP in the ACL has to be the real IP.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
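An added illustration of the point in the accepted answer (not part of the original thread, and not Cisco code): the pattern is compared against the request URI from the HTTP request line, not the URL as typed, so a leading `.+` has nothing to consume. Python's `re` stands in for the ASA regex engine and the requests are constructed samples; both are assumptions.

```python
import re

# The two patterns from the thread. Python's re stands in for the ASA regex
# engine (assumption); re.search models an unanchored match on the URI field.
ORIGINAL = re.compile(r".+\/test\/input\.asp")
CORRECTED = re.compile(r"\/test\/input\.asp")


def request_uri(raw_request: bytes) -> str:
    """Return the request-target from the first line of an HTTP/1.x request."""
    request_line = raw_request.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {request_line!r}")
    return parts[1]


def would_drop(pattern: re.Pattern, raw_request: bytes) -> bool:
    """True if the pattern matches the URI field of the request."""
    return pattern.search(request_uri(raw_request)) is not None


# Constructed sample requests (not captured traffic).
BLOCKED_PAGE = b"GET /test/input.asp HTTP/1.1\r\nHost: www.asdf.com\r\n\r\n"
HOME_PAGE = b"GET / HTTP/1.1\r\nHost: www.asdf.com\r\n\r\n"
NESTED_PAGE = b"GET /app/test/input.asp?id=1 HTTP/1.1\r\nHost: www.asdf.com\r\n\r\n"

if __name__ == "__main__":
    # What a regex tester sees when it is fed the URL as typed in the browser.
    typed = "www.asdf.com/test/input.asp"
    print("typed URL, original pattern:", bool(ORIGINAL.search(typed)))
    samples = [("blocked", BLOCKED_PAGE), ("home", HOME_PAGE), ("nested", NESTED_PAGE)]
    for name, req in samples:
        print(f"{name:8} uri={request_uri(req)!r:28}"
              f" original={would_drop(ORIGINAL, req)}"
              f" corrected={would_drop(CORRECTED, req)}")
```

In this model the corrected pattern is unanchored, so it also matches the same path under a parent directory or followed by a query string.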
02-12-2013 11:23 PM
Please paste your complete filtering-config. And be aware that it can't work if you access the site with HTTPS. Are you on the ASA or on an IOS-router?
Sent from Cisco Technical Support iPad App
02-12-2013 11:50 PM
Hi Karsten,
The filtering config reads like the following:
regex Block-test ".+\/test\/input\.asp"
access-list outside_mpc extended permit ip any host 2.2.2.2
class-map outside-class
 match access-list outside_mpc
policy-map type inspect http Block-test
 parameters
 match request uri regex Block-test
  drop-connection log
policy-map outside-policy
 class outside-class
  inspect http Block-test
service-policy outside-policy interface outside
It's not an HTTPS connection and the configuration is on the ASA.
Regards
02-13-2013 01:19 AM
It worked, thanks a lot.
Regards
