Issue:
How to deny any web traffic destined for the web server that has the word "CMD" anywhere in the URL.
Resolution:
1. Create a regex
regex CMD "CMD"
2. Create a policy-map of type inspect http and reference the regex created in step 1, with "reset" as the action
policy-map type inspect http URL
 match request uri regex CMD
  reset
3. Create an access-list with source as any and destination as Web Server
access-list HTTP-S permit tcp any host 192.168.1.10 eq 80
4. Create a new class-map and call the access-list
class-map HTTP-S
 match access-list HTTP-S
5. Now, under global_policy, call the class-map with the action to inspect.
policy-map global_policy
 class HTTP-S
  inspect http URL
Assuming that the service policy is already assigned globally, any web traffic that has the keyword "CMD" in the URL will now be blocked by the ASA.
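A pre-deployment check of what the regex from step 1 would reset, run over web server access-log lines. This is an added example, not part of the original procedure: the log lines are constructed, the Python search only approximates the ASA's case-sensitive, unanchored match for this simple literal, and the [Cc][Mm][Dd] variant is an assumption that is not in the configuration above.

```python
import re

# Pattern from step 1. ASA regex matching is case-sensitive and unanchored,
# so a plain substring search models it for this simple literal.
PAGE_REGEX = re.compile(r"CMD")
# Assumption (not on the page): a character-class variant covering other cases.
ANYCASE_REGEX = re.compile(r"[Cc][Mm][Dd]")

# Pulls the method and URI out of a common-log-format request field.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /scripts/CMD.exe HTTP/1.1" 404 0
198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /scripts/cmd.exe HTTP/1.1" 404 0
203.0.113.20 - - [01/Jan/2024:10:00:04 +0000] "GET /inventory/CMDB/export.csv HTTP/1.1" 200 9000
203.0.113.20 - - [01/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 302 0
"""


def classify(log_text, pattern):
    """Return (reset, passed) lists of URIs for the requests in log_text."""
    reset, passed = [], []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue  # skip lines without a parsable request field
        uri = m.group("uri")
        (reset if pattern.search(uri) else passed).append(uri)
    return reset, passed


if __name__ == "__main__":
    for name, pat in (("CMD", PAGE_REGEX), ("[Cc][Mm][Dd]", ANYCASE_REGEX)):
        reset, passed = classify(SAMPLE_LOG, pat)
        print(f"regex {name}: would reset {len(reset)}, pass {len(passed)}")
        for uri in reset:
            print("  reset:", uri)
```

The sample shows two things to review before enabling the policy: the literal "CMD" also resets legitimate paths that merely contain it (the CMDB export), and it does not match the lowercase form.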