slug420
Beginner

URL filtering on 5505?

Can someone help me with a basic config to filter like cisco.com (or any of its pages) using a 5505?  I am trying to *block* this site.  Here is what I had from the URL filtering howto:

!
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-any block-url-class
match request header host regex block1
!
!
policy-map type inspect http block-url-policy
parameters
class block-url-class
  drop-connection log
policy-map global_policy
class inspection_default
  inspect http block-url-policy
!
service-policy global_policy global

I got an error initially about there being no inspection_default class so I'm not sure if I recreated it correctly/completely...

thanks!

1 ACCEPTED SOLUTION

PAUL GILBERT ARIAS
Contributor

This is a configuration I have tested:

regex block-url "\.myspace\.com"
class-map type regex match-any cm-block-url
match regex block-url
policy-map type inspect http pm-block-url
parameters
match request header host regex class cm-block-url
  drop-connection log
policy-map global_policy
class inspection_default
  inspect http pm-block-url
service-policy global_policy global

9 REPLIES 9
PAUL GILBERT ARIAS
Contributor

Can you paste the show run regex, show run class-map and show run policy-map?

Thanks Paul, I am trying your config but where you have:

class inspection_default

  inspect http pm-block-url

I do not see an "inspect" command to issue "inspect http"?

class inspection_default comes by default on the ASA. In case you don't have it then you could add it manually. Here are the missing lines:

class-map inspection_default
match default-inspection-traffic

Then make sure you add the rest of the commands I suggested.

you:

regex block-url "\.myspace\.com"
class-map type regex match-any cm-block-url
match regex block-url
policy-map type inspect http pm-block-url
parameters
match request header host regex class cm-block-url
  drop-connection log
policy-map global_policy
class inspection_default
  inspect http pm-block-url
service-policy global_policy global

me (testing with pandora):

regex block1 "\.pandora\.com"

class-map inspection_default
match default-inspection-traffic

class-map type regex match-any block-url-class
match regex block1
!
!
policy-map type inspect http block-url-policy
parameters
match request header host regex class block-url-class
  drop-connection log
policy-map global_policy
class inspection_default
  inspect http block-url-policy
!
service-policy global_policy global


Don't the !s indicate incomplete configurations? Do you have those in your config? If this looks good to you (looks good to me) I guess I am going to have to verify the user is testing from the right location...

It doesn't mean incomplete.

Go ahead and test. Your config looks good.

Tried it on an ASA here and it worked like a charm; client finally got back to me and said he was testing from another site. Thanks for your help! On a side note... if they ping the URL (and resolve the IP) and use the IP in their web browser they get around this... is there a way to do DNS filtering so that requests or responses for a given string are blocked?

I am glad to hear that it worked. You can always block the IP for the unwanted websites but IPs usually change. If you want a better URL filtering mechanism you should consider the CSC-SSM for the ASA but in this case it will not work on your ASA 5505.
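
Added example (not part of the original thread, and not Cisco code): a small Python model of the Host-header match configured above, run over constructed requests to show which ones the policy drops and why a request addressed by IP literal, as noted in the thread, is not matched. Python's re module stands in for the ASA regex engine; the patterns, sample hosts and the address 203.0.113.10 are assumptions made for illustration.

```python
import re

# Escaped-dot host pattern. Assumption: Python's re stands in for the ASA regex
# engine, and the match is a substring search over the Host header value.
BLOCK_HOST = re.compile(r"\.pandora\.com")
# Same pattern with unescaped dots, for contrast: "." then matches any character.
LOOSE_HOST = re.compile(r".pandora.com")

def host_header(raw_request: bytes):
    """Return the Host header value of a raw HTTP/1.x request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:           # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip()
    return None

def verdict(raw_request: bytes, pattern=BLOCK_HOST) -> str:
    """Model the policy action: drop when the Host header matches, else permit."""
    host = host_header(raw_request)
    if host is not None and pattern.search(host):
        return "drop-connection"
    return "permit"

# Constructed sample requests (203.0.113.10 is a documentation address).
SAMPLES = {
    "by name": b"GET / HTTP/1.1\r\nHost: www.pandora.com\r\n\r\n",
    "bare domain": b"GET / HTTP/1.1\r\nHost: pandora.com\r\n\r\n",
    "by IP literal": b"GET / HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n",
    "lookalike": b"GET / HTTP/1.1\r\nHost: www.pandoraXcom.example\r\n\r\n",
}

def coverage(pattern=BLOCK_HOST) -> dict:
    """Map each sample label to the action the modelled policy would take."""
    return {label: verdict(req, pattern) for label, req in SAMPLES.items()}

if __name__ == "__main__":
    for label, action in coverage().items():
        print(f"{label:14} {action}")
```

Running the same table against LOOSE_HOST shows the unescaped form also dropping the unrelated "lookalike" host, which is the over-blocking an escaped dot avoids.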
