MPF ASA for Web Filtering. Https traffic

johnramz
Level 1

SOURCE: https://supportforums.cisco.com/docs/DOC-1268#Allow_specific_urls

Hi all,

I have the following configuration in my ASA, based on guidelines from the above source, to allow only certain sites in my home and block all requests to HTTP and HTTPS sites. However, requests to HTTP sites are being blocked but not to HTTPS. Only one host in the network can access all sites.

access-list WEBFILTER extended deny tcp host 192.168.254.115 any eq www
access-list WEBFILTER extended deny tcp host 192.168.254.115 any eq https
access-list WEBFILTER extended permit tcp any any eq www
access-list WEBFILTER extended permit tcp any any eq https

regex allowex1 "website1\.com"
regex allowex2 "website2\.com"

class-map type inspect http match-all allow-url-class
 match not request header host regex allowex1
 match not request header host regex allowex2

class-map allow-user-class
 match access-list WEBFILTER

policy-map type inspect http allow-url-policy
 parameters
 class allow-url-class
  drop-connection

policy-map allow-user-url-policy
 class allow-user-class
  inspect http allow-url-policy

service-policy allow-user-url-policy interface inside

How can the HTTPS traffic also be blocked in the above configuration? What am I missing?

Thanks in advance for your help

Juan

1 Reply

johnramz
Level 1

Is it even possible for MPF ASA to inspect and filter HTTPS traffic? I do not even see it in the options:

(config)# class-map type inspect ?

configure mode commands/options:
  dns   Configure a class-map of type DNS
  ftp   Configure a class-map of type FTP
  h323  Configure a class-map of type H323
  http  Configure a class-map of type HTTP
  im    Configure a class-map of type IM
  sip   Configure a class-map of type SIP
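
Added example (not part of the original thread, and not Cisco code): a Python model of the posted allow-url-class / allow-user-class logic, run against a plaintext HTTP request and the first bytes of a TLS connection, to show what the Host-header match has to work with on each port. The function names, the client address 192.168.254.20 and the sample payloads are constructed; the model assumes the inspection takes no action on a flow in which it cannot parse an HTTP request, which is consistent with the behaviour reported in the first post.

```python
import re

# Allowlist patterns copied from the post's "regex allowex1/allowex2" lines.
ALLOW = [re.compile(r"website1\.com"), re.compile(r"website2\.com")]
EXEMPT_HOST = "192.168.254.115"  # denied in WEBFILTER, so never inspected

def http_host(payload: bytes):
    """Return the Host header of a plaintext HTTP/1.x request, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if not re.match(rb"^[A-Z]+ \S+ HTTP/1\.[01]$", head[0]):
        return None  # not parseable as HTTP, e.g. a TLS record
    for line in head[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None

def verdict(src_ip: str, dport: int, payload: bytes) -> str:
    """Model of allow-user-url-policy for one client-to-server payload."""
    if src_ip == EXEMPT_HOST or dport not in (80, 443):
        return "pass (not in allow-user-class)"
    host = http_host(payload)
    if host is None:
        # Assumption: with no parsed request there is no Host header for
        # allow-url-class to match, so drop-connection never fires.
        return "pass (no HTTP request visible)"
    # match-all with two "match not": fires only if the host matches neither regex
    if all(not rx.search(host) for rx in ALLOW):
        return "drop-connection"
    return "pass (allowed host)"

# Constructed sample payloads.
HTTP_BLOCKED = b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
HTTP_ALLOWED = b"GET / HTTP/1.1\r\nHost: www.website1.com\r\n\r\n"
# Truncated TLS record: handshake (0x16), record header, ClientHello header, zeroed random.
TLS_HELLO = bytes.fromhex("16030100c8010000c40303") + bytes(32)

if __name__ == "__main__":
    print(verdict("192.168.254.20", 80, HTTP_BLOCKED))
    print(verdict("192.168.254.20", 80, HTTP_ALLOWED))
    print(verdict("192.168.254.20", 443, TLS_HELLO))
```

On port 443 the HTTP request, including its Host header, travels inside the encrypted TLS session, so a class-map of type inspect http has no Host header to compare against allowex1 or allowex2.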