02-07-2011 11:05 AM - edited 03-11-2019 12:46 PM
Can someone help me with a basic config to filter like cisco.com (or any of its pages) using a 5505? I am trying to *block* this site. Here is what I had from the URL filtering howto:
!
class-map inspection_default
 match default-inspection-traffic
class-map type inspect http match-any block-url-class
 match request header host regex block1
!
!
policy-map type inspect http block-url-policy
 parameters
 class block-url-class
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http block-url-policy
!
service-policy global_policy global
I got an error initially about there being no inspection_default class, so I'm not sure if I recreated it correctly/completely...
thanks!
02-07-2011 11:07 AM
can you paste the show run regex, show run class-map and show run policy-map?
02-07-2011 11:08 AM
this link provides a good explanation:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
02-07-2011 11:29 AM
this is a configuration I have tested:
regex block-url ".\myspace.\com"
class-map type regex match-any cm-block-url
 match regex block-url
policy-map type inspect http pm-block-url
 parameters
 match request header host regex class cm-block-url
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http pm-block-url
service-policy global_policy global
02-09-2011 08:45 AM
Thanks Paul, I am trying your config but where you have:
 class inspection_default
  inspect http pm-block-url
I do not see an "inspect" command to issue "inspect http"?
02-09-2011 08:51 AM
class inspection_default comes by default on the ASA. In case you don't have it, you can add it manually. Here are the missing lines:
class-map inspection_default
 match default-inspection-traffic
02-09-2011 12:58 PM
you:
regex block-url ".\myspace.\com"
class-map type regex match-any cm-block-url
 match regex block-url
policy-map type inspect http pm-block-url
 parameters
 match request header host regex class cm-block-url
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http pm-block-url
service-policy global_policy global
me (testing with pandora):
regex block1 ".\pandora.\com"
class-map inspection_default
 match default-inspection-traffic
class-map type regex match-any block-url-class
 match regex block1
!
!
policy-map type inspect http block-url-policy
 parameters
 match request header host regex class block-url-class
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http block-url-policy
!
service-policy global_policy global
Don't the !s indicate incomplete configurations? Do you have those in your config? If this looks good to you (looks good to me), I guess I am going to have to verify the user is testing from the right location.
02-09-2011 01:05 PM
It doesn't mean incomplete.
Go ahead and test. Your config looks good.
02-10-2011 12:42 PM
Tried it on an ASA here and it worked like a charm; the client finally got back to me and said he was testing from another site. Thanks for your help! On a side note... if they ping the URL (and resolve the IP) and use the IP in their web browser, they get around this. Is there a way to do DNS filtering so that requests or responses for a given string are blocked?
02-10-2011 01:09 PM
I am glad to hear that it worked. You can always block the IP for the unwanted websites, but IPs usually change. If you want a better URL filtering mechanism, you should consider the CSC-SSM for the ASA, but in this case it will not work on your ASA 5505.