SOURCE: https://supportforums.cisco.com/docs/DOC-1268#Allow_specific_urls
Hi all,
I have the following configuration in my ASA based on guidelines from the above source to allow only certain sites in my home and block all requests to http and https sites. However,requests to HTTP sites are being blocked but not to HTTPS. Only one host in the network can access all sites
access-list WEBFILTER extended deny tcp host 192.168.254.115 any eq www
access-list WEBFILTER extended deny tcp host 192.168.254.115 any eq https
access-list WEBFILTER extended permit tcp any any eq www
access-list WEBFILTER extended permit tcp any any eq https
regex allowex1 “website1\.com”
regex allowex2 “website2\.com”
class-map type inspect http match-all allow-url-class
match not request header host regex allowex1
match not request header host regex allowex2
class-map allow-user-class
match access-list WEBFILTER
policy-map type inspect http allow-url-policy
parameters
class allow-url-class
drop-connection
policy-map allow-user-url-policy
class allow-user-class
inspect http allow-url-policy
service-policy allow-user-url-policy interface inside
HOW can the HTTPS traffic be also blocked in the above configuration? What am I missing?
Thanks in advance for your help
Juan