
How to deny web traffic with REGEX.


Issue:


How to deny any web traffic destined for the web server that has the word "CMD" anywhere in the URL.


Resolution:


1. Create a regex.


regex CMD "CMD"


2. Create an HTTP inspection policy-map that references the regex created in step one, with the action "reset".


policy-map type inspect http URL
 match request uri regex CMD
  reset


3. Create an access-list with the source as any and the destination as the web server.


access-list HTTP-S permit tcp any host 192.168.1.10 eq 80


4. Create a new class-map that references the access-list.


class-map HTTP-S
 match access-list HTTP-S


5. Under global_policy, reference the class-map with the inspect action.


policy-map global_policy
 class HTTP-S
  inspect http URL

Assuming that the service policy is already applied globally, the ASA will now block any web traffic that has the keyword "CMD" in the URL.
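Before applying the policy, it helps to check which request URIs the step 1 pattern would actually reset. The following is an added example, not part of the original post: it runs the pattern over constructed access-log lines and compares it with a hypothetical case-insensitive variant `[Cc][Mm][Dd]`. It assumes Python's unanchored `re.search` behaves like the ASA match for a plain literal and simple bracket classes.

```python
import re

# Pattern from step 1, and a hypothetical case-insensitive variant written with
# bracket classes (an assumption for comparison, not part of the page's config).
PAGE_REGEX = "CMD"
ANYCASE_REGEX = "[Cc][Mm][Dd]"

# Constructed sample access-log lines for the web server (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /tools/CMD/run HTTP/1.1" 404 0
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "GET /tools/cmd/run HTTP/1.1" 404 0
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /docs/CMDB-overview.html HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "POST /api/status?Cmd=ping HTTP/1.1" 200 64
"""

# Pulls the request URI out of the quoted request line of each log entry.
REQUEST_LINE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def request_uris(log_text):
    """Return the request URI of every log entry, in order."""
    return REQUEST_LINE.findall(log_text)


def would_reset(uri, pattern):
    """True if the pattern occurs anywhere in the URI (unanchored match)."""
    return re.search(pattern, uri) is not None


def compare(log_text):
    """Map each URI to (reset by page regex, reset by any-case variant)."""
    return {
        uri: (would_reset(uri, PAGE_REGEX), would_reset(uri, ANYCASE_REGEX))
        for uri in request_uris(log_text)
    }


if __name__ == "__main__":
    for uri, (page_hit, anycase_hit) in compare(SAMPLE_LOG).items():
        print(f"{uri:32} CMD={page_hit!s:5} [Cc][Mm][Dd]={anycase_hit}")
```

The sample shows two things to review before deployment: the literal `CMD` does not match lower-case or mixed-case spellings, and an unanchored match also resets legitimate paths such as `/docs/CMDB-overview.html`. On the ASA itself, the `test regex` command checks a single string against a pattern.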
