
regex how to block long url: www.123.com/login/login.asp

MJonkers
Level 1

Hi,

How do I block this URL in an ASA with HTTP inspection?

www.123.com/login/login.asp

When I use this expression it does not work:      www\.123\.com\/login\/login\.asp

thx,

Marc


Kureli Sankar
Cisco Employee

Pls. see the sample that I listed here for facebook.com

https://supportforums.cisco.com/docs/DOC-1268#Same_domain_allowdeny

-KS

I saw your article, but you use "match request header host regex", so it only blocks, for example, www.123.com but not www.123.com/login/login.asp.

If I use the / in the regex it does not work anymore even if I config it as www\.123\.com\/login\/login\.asp

Any other suggestions?

Regards,

Marc

Marc,

Would you pls. try the "uri" option listed here?

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/m.html#wp2034126

I will test and post the lines when I get a moment.

-KS

Hi,

I looked at the article; is this for SIP headers? When I change the config from host to uri it still will not work.

Regards,

Marc

Hi,

I found this in the forum (which means that I cannot block whole websites because I have to create them from the host and uri values. If I want to block both websites: www.cisco.com/support/firewall.html and www.googledocs.com/docs/3456/doc.html how do I solve this?):

_________________________________________________________________________________________________

A URL is composed by four parts:

  • Protocol: Also called URL scheme, this specifies which protocol is used to access the document.
  • Computer name: Gives the name of the computer (usually a domain name or IP address) where the content is hosted.
  • Directories: Sequence of directories separated by slashes that define the path to follow to reach the document.
  • File: The name of the file where the resource is located.

URI identifies a resource, while URL, in addition, specifies the access method (network location), like having http:// or ftp:// and then the IP address, like http://10.20.30.40

URN is the name given to the URL.

Here our scope is the URI and host.

As I said host is found in HTTP header

For  http://10.20.30.40/services , the host is "10.20.30.40" and uri is "services"

For http://www.cisco.com/web/about/index.html , the host is "www.cisco.com" and uri is "/web/about/index.html"

You can check it out using wireshark.

_________________________________________________________________________________________________

Regards,

Marc
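The host/URI split quoted above, as an added example that is not part of the original thread and is not ASA configuration: a small Python model of an inspection engine that tests one regex against the Host header and another against the request URI. It shows why the single expression from the first post matches neither field, and how one (host, URI) regex pair per URL blocks each page without blocking the whole site. Python's `re` stands in for the ASA regex engine (an assumption), and the function names and sample requests are constructed for illustration.

```python
import re

# Constructed block list: one (host regex, URI regex) pair per URL named in the thread.
# Both halves of a pair must match, so the rest of each site stays reachable.
BLOCK_RULES = [
    (r"www\.123\.com", r"/login/login\.asp"),
    (r"www\.cisco\.com", r"/support/firewall\.html"),
    (r"www\.googledocs\.com", r"/docs/3456/doc\.html"),
]

# Constructed sample requests.
LOGIN = b"GET /login/login.asp HTTP/1.1\r\nHost: www.123.com\r\nUser-Agent: test\r\n\r\n"
HOME = b"GET /index.html HTTP/1.1\r\nHost: www.123.com\r\n\r\n"
DOC = b"GET /docs/3456/doc.html HTTP/1.1\r\nHost: www.googledocs.com\r\n\r\n"


def parse_request(raw: bytes):
    """Return (host, uri) from the head of a raw HTTP/1.1 request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    _method, uri, _version = lines[0].split(" ", 2)
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower()
            break
    return host, uri


def is_blocked(raw: bytes, rules=BLOCK_RULES) -> bool:
    """Block only when the host regex AND the URI regex of the same pair match."""
    host, uri = parse_request(raw)
    return any(re.search(h, host) and re.search(u, uri) for h, u in rules)


def single_regex_matches(raw: bytes, pattern: str) -> bool:
    """The first post's approach: one host+path regex, tested against each field alone."""
    host, uri = parse_request(raw)
    return bool(re.search(pattern, host) or re.search(pattern, uri))


if __name__ == "__main__":
    full_url = r"www\.123\.com\/login\/login\.asp"
    print("single regex matches login request:", single_regex_matches(LOGIN, full_url))
    for name, req in (("login", LOGIN), ("home", HOME), ("doc", DOC)):
        print(name, "blocked:", is_blocked(req))
```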
