Peter Long (Level 1)

What have I done wrong? See code below.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

regex BLOCKED_DOMAIN_1 "\facebook.\com"

access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS extended permit tcp any any eq http


class-map type regex match-any CLASS_MAP_BLOCKED_DOMAIN_LIST
match regex BLOCKED_DOMAIN_1

class-map type inspect http match-all CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
match request header host regex class CLASS_MAP_BLOCKED_DOMAIN_LIST


class-map CLASS_MAP_HTTP_TRAFFIC
match access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS


policy-map type inspect http POLICY_MAP_HTTP_INSPECTION
parameters
  protocol-violation action drop-connection
match request method connect
  drop-connection log
class CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
  reset log

policy-map POLICY_MAP_INSIDE_INTERFACE
class CLASS_MAP_HTTP_TRAFFIC
  inspect http POLICY_MAP_HTTP_INSPECTION


service-policy POLICY_MAP_INSIDE_INTERFACE interface inside

Comments

Can you check with this:

regex BLOCKED_DOMAIN_1 "www.facebook.com"
access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS extended permit tcp any any eq http
class-map type regex match-any CLASS_MAP_BLOCKED_DOMAIN_LIST
  match regex BLOCKED_DOMAIN_1
class-map type inspect http match-all CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
  match request header host regex class CLASS_MAP_BLOCKED_DOMAIN_LIST
class-map CLASS_MAP_HTTP_TRAFFIC
  match access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS
policy-map type inspect http POLICY_MAP_HTTP_INSPECTION
  parameters
  class CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
    drop-connection log
policy-map POLICY_MAP_INSIDE_INTERFACE
  class CLASS_MAP_HTTP_TRAFFIC
    inspect http POLICY_MAP_HTTP_INSPECTION
service-policy POLICY_MAP_INSIDE_INTERFACE interface outside

Thanks,

AR

Peter Long (Level 1)

Thanks Aniket. I will try that. I did get it working on the global policy (see my website here: http://www.petenetlive.com/TecBin/KB/0000054.htm), but even TAC could not get my original code to work.

I will try that out on the test rig and get back to you.

Peter Long (Level 1)

Hi Aniket,

Sorry for the delay. That worked like a charm.

Just in case anyone searches this and wants both working examples:

On the Global Policy
-------------------------------------------------

regex domainlist1 "facebook.com"
class-map type regex match-any DomainBlockList
  match regex domainlist1
class-map type inspect http match-all BlockDomainsClass
  match request header host regex class DomainBlockList
policy-map type inspect http http_inspection_policy
  class BlockDomainsClass
    reset log
policy-map global_policy
  class inspection_default
    inspect http http_inspection_policy
service-policy global_policy global
----------------------------------------------


With its own policy

-----------------------------------------------
regex BLOCKED_DOMAIN_1 "www.facebook.com"
access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS extended permit tcp any any eq http
class-map type regex match-any CLASS_MAP_BLOCKED_DOMAIN_LIST
  match regex BLOCKED_DOMAIN_1
class-map type inspect http match-all CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
  match request header host regex class CLASS_MAP_BLOCKED_DOMAIN_LIST
class-map CLASS_MAP_HTTP_TRAFFIC
  match access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS
policy-map type inspect http POLICY_MAP_HTTP_INSPECTION
  parameters
  class CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
    drop-connection log
policy-map POLICY_MAP_OUTSIDE_INTERFACE
  class CLASS_MAP_HTTP_TRAFFIC
    inspect http POLICY_MAP_HTTP_INSPECTION
service-policy POLICY_MAP_OUTSIDE_INTERFACE interface outside
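The two working configs above differ only in the regex the "match-any" class-map applies to the Host header: "facebook.com" in the global policy and "www.facebook.com" in the interface policy. The script below is an added example (not from this thread or from Cisco) that emulates that class-map in Python over a few constructed HTTP requests, so you can see what each regex does and does not catch; it assumes Python's re.search is a fair stand-in for the ASA's unanchored regex match, and the third, escaped and anchored pattern is an added tightening, not one posted in the thread.

```python
import re
from typing import Optional

# Constructed sample HTTP/1.1 requests (not from the thread), as the ASA
# would see them on the inspected interface before HTTP inspection.
SAMPLE_REQUESTS = {
    "www":       "GET / HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: x\r\n\r\n",
    "bare":      "GET / HTTP/1.1\r\nHost: facebook.com\r\n\r\n",
    "mobile":    "GET / HTTP/1.1\r\nHost: m.facebook.com\r\n\r\n",
    "other":     "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "lookalike": "GET / HTTP/1.1\r\nHost: facebookXcom.example\r\n\r\n",
}

def host_header(raw_request: str) -> Optional[str]:
    """Return the Host header value of a raw HTTP/1.x request, or None."""
    head, _, _ = raw_request.partition("\r\n\r\n")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip()
    return None

def blocked(raw_request: str, regex_list) -> bool:
    """Emulate 'class-map type regex match-any' applied to the Host header.
    Assumption: re.search (unanchored, '.' matches any character) behaves
    like the ASA regex engine for these patterns."""
    host = host_header(raw_request)
    if host is None:
        return False                             # no Host header: nothing to match
    return any(re.search(pat, host) for pat in regex_list)

def evaluate(regex_list) -> dict:
    """Apply one regex list to every sample request; True means the inspect
    policy would take its action (reset or drop-connection)."""
    return {name: blocked(req, regex_list) for name, req in SAMPLE_REQUESTS.items()}

if __name__ == "__main__":
    for label, patterns in [("global policy", ["facebook.com"]),
                            ("interface policy", ["www.facebook.com"]),
                            ("escaped, anchored (added)", [r"(^|\.)facebook\.com$"])]:
        print(label, evaluate(patterns))
```

Note that the unescaped dot in "facebook.com" also matches the lookalike host, while "www.facebook.com" misses the bare and mobile hostnames; the anchored pattern catches the domain and its subdomains only.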
