
URL Filter allowing subfolder

andresitotubia
Level 1

Hello,

I have URL filtering with regex running on my Cisco ASA 5510. The problem I have now is that I want to allow part of a domain.

For example, I want to block cnn.com but I want to allow people to access cnn.com/AFRICA/

I was looking at the ASA URL filtering document, but it has an example for subdomains, not for subfolders.

Below is my config:

regex blockex8 "rojadirecta\.org"
regex blockex9 "megaupload\.org"
regex blockex1 "/facebook/"
regex blockex2 "facebook\.com"
regex blockex3 "taringa\.net"
regex blockex4 "twitter\.com"
regex blockex5 "rapidshare\.com"
regex blockex6 "ustream\.com"
regex blockex7 "youtube\.com"
access-list user-acl extended deny tcp host 172.16.16.133 any eq www
access-list user-acl extended deny tcp host 172.16.16.46 any eq www
access-list user-acl extended deny tcp host 172.16.16.0 any eq www
access-list user-acl extended deny tcp host 172.16.16.226 any eq www
access-list user-acl extended deny tcp host 172.16.16.87 any eq www
access-list user-acl extended permit tcp any any eq www
class-map block-user-class
 match access-list user-acl
class-map inspection_default
 match default-inspection-traffic
class-map type inspect http match-any block-url-class
 match request uri regex blockex1
 match request header host regex blockex2
 match request header host regex blockex4
 match request header host regex blockex5
 match request header host regex blockex6
 match request header host regex blockex7
 match request header host regex blockex8
 match request header host regex blockex9
 match request header host regex blockex3
policy-map type inspect http http-inspect-pol
 parameters
policy-map block-user-url-policy
 class block-user-class
  inspect http block-url-policy
service-policy block-user-url-policy interface inside

2 Replies

Panos Kampanakis
Cisco Employee

Hi,

Please look into https://supportforums.cisco.com/docs/DOC-1268

It has examples that will help you with what you want to do.

PK

I made my config thanks to that document, but there is no example of what I'm trying to do.

There is one for subdomains in the last part of the document:

regex block-fb ".*facebook\.com"
regex allow-fb "developer[s]*\.facebook\.com"

but there isn't one for a subfolder.

I was trying different kinds, like "*\.cnn\.com\AFRICA\"    or  "*\.cnn.com\AFRICA\"    or "*\.cnn.com/AFRICA/", but nothing.
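
The config in this thread matches the Host header and the request URI with separate `match` lines, and the folder part of a URL travels in the request URI, not in the Host header. The following Python sketch is an added example, not code from the thread or from Cisco documentation: it models a combined decision (drop when the host is blocked and the path is not under the allowed folder), with Python's `re` standing in for the ASA regex engine. The pattern names, `parse_request`, `in_allowed_folder`, `verdict`, `req` and the sample requests are all hypothetical.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical patterns in the style of the thread's config.
BLOCK_HOST = re.compile(r"(^|\.)cnn\.com$")  # tested against the Host header only
ALLOW_URI = re.compile(r"^/AFRICA/")         # tested against the request path only


def parse_request(raw: bytes):
    """Return (host, path) from the head of a raw HTTP/1.x request."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower().split(":")[0]  # drop any :port
    path = unquote(target.split("?", 1)[0])  # strip query, decode %xx
    return host, path


def in_allowed_folder(path: str) -> bool:
    """Prefix match on the normalised path, so /AFRICA/../US/ does not pass."""
    norm = posixpath.normpath(path) + ("/" if path.endswith("/") else "")
    return bool(ALLOW_URI.match(norm))


def verdict(raw: bytes) -> str:
    """Drop when the host is blocked AND the path is not in the excepted folder."""
    host, path = parse_request(raw)
    if BLOCK_HOST.search(host) and not in_allowed_folder(path):
        return "drop"
    return "permit"


def req(host: str, target: str) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    return f"GET {target} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


if __name__ == "__main__":
    for host, target in [("www.cnn.com", "/"), ("www.cnn.com", "/AFRICA/"),
                         ("www.cnn.com", "/AFRICA/../US/"), ("example.org", "/US/")]:
        print(f"{host}{target} -> {verdict(req(host, target))}")
```

The allow pattern is case-sensitive in this model, so `/africa/` is still dropped, and page resources that the allowed folder loads from other paths on the same host are dropped as well.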
