Re: URL blocking to be applied to specific users

consult_srishti · ‎02-10-2010

Dear Team,

I am having ASA firewall 5520. I want to block yahoo mail, gmail using regex for particular users only.

How to go about it?

Thanks and Regards,

Divya

bthompson001 · ‎02-10-2010

The first response on this particular post to the forum pretty much sums up how it's done. I've tried it per this gentleman's response and it does work.

https://supportforums.cisco.com/message/880042#880042

Diego Armando Cambronero Arias · ‎02-10-2010

Unfortunatelly you cannot block the sites per user. You can block it based in the access-list that you apply to the Class-map but not based in the username of a user in a domain controller for example.

Kureli Sankar · ‎02-10-2010

Divya,

The CSC module can do this based on active directory user accounts. It goes in the slot on the back of the ASA. Besides that you need to specify IP address and not username to block it.

You can read about the CSC module here: http://www.ciscosystems.co.ck/en/US/docs/security/csc/csc62/administration/guide/csc8.html

Another alternative is to use websense or N2H2 server on the inside to do content filtering.

-KS

Panos Kampanakis · ‎02-11-2010

If you want to block the urls on the ASA only then use example in https://supportforums.cisco.com/docs/DOC-1268#Allow_every_url_for_specific_hosts_block_specific_urls_for_the_rest

It will give you exactly what you want.

I hope it helps.

PK

mamer28983 · ‎12-08-2012

HI expert,

Would you please help me in this issue I have ASA 5510 and I need to block URL to be applied to specific users not using the IP address. I integrate ASA with my active directory now it’s (ASA) detecting the users from my domain but he is not applied the rules on the users.

It’s only working using the IP address using trend micro content security

Any help in this issue.

if you have any idea please contact me on my email :

mamer@vseegypt.com

mamer1983@hotmail.com

Thanks.