
How to deny web traffic with REGEX.


Issue:


How to deny any web traffic destined for this server that has the word "CMD" anywhere in the URL.


Resolution:


1. Create a Regex


regex CMD "CMD"


2. Create an HTTP inspection policy map that references the regex created in step 1, with the action set to "reset"


policy-map type inspect http URL
match request uri regex CMD
   reset


3. Create an access list with any source and the web server as the destination


access-list HTTP-S permit tcp any host 192.168.1.10 eq 80


4. Create a new class map that references the access list


class-map HTTP-S
match access-list HTTP-S


5. Now under global_policy, call the class map with action to inspect.


policy-map global_policy
class HTTP-S
   inspect http URL

Assuming the service policy is already applied globally, the ASA will now block any web traffic that has the keyword "CMD" in the URL.
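
Before relying on the rule, it helps to check which request URIs the pattern actually covers. The following is an added example, not part of the original article: it dry-runs the step 1 regex against constructed sample URIs, using Python's `re` module as a stand-in for the ASA regex engine, and prints ASA `test regex` lines to confirm each verdict on the device. The any-case pattern `[Cc][Mm][Dd]` and the sample URIs are assumptions introduced here.

```python
import re

# Pattern from step 1, plus an added any-case variant (assumption, not from the article).
PAGE_REGEX = "CMD"
ANYCASE_REGEX = "[Cc][Mm][Dd]"

# Constructed request URIs for the dry run; none come from real traffic.
# They avoid spaces and "?" so the generated lines can be typed at the ASA prompt.
SAMPLE_URIS = [
    "/index.html",
    "/scripts/CMD.exe",
    "/scripts/cmd.exe",
    "/reports/ACMD-2019.pdf",
    "/tools/Cmd/help",
]


def would_reset(pattern, uri):
    """True if the pattern matches anywhere in the URI (unanchored, case sensitive)."""
    return re.search(pattern, uri) is not None


def coverage(pattern, uris):
    """Split URIs into those the policy would reset and those it would let through."""
    reset = [u for u in uris if would_reset(pattern, u)]
    passed = [u for u in uris if u not in reset]
    return reset, passed


def asa_test_commands(pattern, uris):
    """Build 'test regex <input> <regex>' lines to confirm each verdict on the ASA."""
    return ["test regex {} {}".format(u, pattern) for u in uris]


if __name__ == "__main__":
    for label, pattern in (("article", PAGE_REGEX), ("any-case", ANYCASE_REGEX)):
        reset, passed = coverage(pattern, SAMPLE_URIS)
        print("{} regex {}".format(label, pattern))
        for u in reset:
            print("  reset   {}".format(u))
        for u in passed:
            print("  allowed {}".format(u))
    print("\n".join(asa_test_commands(ANYCASE_REGEX, SAMPLE_URIS)))
```

The dry run shows two things to weigh before deployment: the literal pattern matches only the uppercase spelling, and an unanchored match also resets unrelated URLs that happen to contain those three letters.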