Episode Information
Episode Name:Episode #13 - HTTP filtering on the ASA
Contributors: Jay Johnston, Blayne Dreier, David White Jr., Magnus Mortensen
Posting Date: July 26, 2010
Description: The panel discusses the http filtering capabilities of the ASA platform including custom http inspection, url-filtering, wccp capabilities and the Content Security Control (CSC) Module configuration and troubleshooting.
Listen Now (MP3 24.9 MB; 36:20 mins)
Subscribe to the Podcast in iTunes by pasting the following link into your browser (which should launch iTunes) where you can subscribe to the podcast.
itpc://www.cisco.com/cdc_content_elements/rss/security_podcast/security_tac_pcast.xml
Alternatively, you can search within iTunes for Cisco TAC Security Podcast, and subscribe there. By subscribing, you will automatically receive future episodes when they are posted.
For users who would like an alternative method for subscribing, you can add the following URL into your favorite RSS reader, and subscribe to that feed.
http://www.cisco.com/cdc_content_elements/rss/security_podcast/security_tac_pcast.xml
Episode Show Notes
Sample ASA Modular Policy Framework (MPF) configuration blocking www.facebook.com:
---------------
regex fbhostregex “[Ff][Aa][Cc][Ee][Bb][Oo][Oo][Kk]\.[Cc][Oo][Mm]”
class-map type inspect http match-any block-url-class
match request header host regex fbhostregex
policy-map type inspect http block-url-policy
parameters
class block-url-class
drop-connection log
policy-map global_policy
class inspection_default
inspect http block-url-policy
service-policy global_policy global
---------------
About the Cisco TAC Security Podcast
The Cisco TAC Security Podcast Series is created by Cisco TAC engineers. Each episode provides an in-depth technical discussion of Cisco product security features, with emphasis on troubleshooting.
Complete episode listing and show information