Parminder Sian

Issue:


How to deny any web traffic destined for this server that has the word "CMD" anywhere in the URL.


Resolution:


1. Create a regex


regex CMD "CMD"


2. Create an HTTP inspection policy-map that matches the request URI against the regex created in step 1, with the action "reset"


policy-map type inspect http URL
match request uri regex CMD
   reset


3. Create an access-list with source as any and destination as the web server


access-list HTTP-S permit tcp any host 192.168.1.10 eq 80


4. Create a new class-map and call the access-list


class-map HTTP-S
match access-list HTTP-S


5. Now, under global_policy, call the class-map with the action to inspect.


policy-map global_policy
class HTTP-S
   inspect http URL

Assuming that the service policy is already assigned globally, the ASA will now block any web traffic that has the keyword "CMD" in the URL.
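
Added example, not part of the original article: ASA regex matching is case-sensitive, so the pattern from step 1 matches only the uppercase string "CMD", and because it is a substring match it also hits unrelated paths. The Python sketch below uses Python's re module as a stand-in for the ASA regex engine (an assumption that holds for these simple patterns) and constructed sample URIs to compare the literal pattern with a case-insensitive one that can be pasted into the regex command.

```python
import re

def asa_case_insensitive(keyword):
    """Build a regex string that matches `keyword` in any letter case,
    written with character classes so it can be used in 'regex <name> "..."'."""
    parts = []
    for ch in keyword:
        if ch.isalpha():
            parts.append(f"[{ch.upper()}{ch.lower()}]")
        else:
            parts.append(re.escape(ch))
    return "".join(parts)

def would_reset(uri, pattern):
    """True if the pattern matches anywhere in the request URI,
    i.e. the 'match request uri regex' rule would reset the connection."""
    return re.search(pattern, uri) is not None

# Constructed sample request URIs (not taken from the original page).
SAMPLE_URIS = [
    "/scripts/CMD.EXE",           # uppercase keyword
    "/scripts/cmd.exe",           # lowercase keyword
    "/index.html",                # no keyword
    "/help/Cmd-reference.html",   # legitimate page, mixed case
    "/ACMDB/report",              # keyword inside an unrelated word
]

def coverage(uris, keyword):
    """Return (uri, hit_by_literal, hit_by_any_case) for each URI."""
    literal = re.escape(keyword)
    folded = asa_case_insensitive(keyword)
    return [(u, would_reset(u, literal), would_reset(u, folded)) for u in uris]

if __name__ == "__main__":
    # Line to use in place of step 1 if any-case matching is wanted.
    print('regex CMD "%s"' % asa_case_insensitive("CMD"))
    for uri, lit, fold in coverage(SAMPLE_URIS, "CMD"):
        print(f"{uri:28} literal={lit!s:5} any-case={fold}")
```

Rows where only the any-case column is true are requests the original pattern lets through; rows such as /ACMDB/report and /help/Cmd-reference.html show the false positives to weigh before widening the match.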
