HTTP inspect for blocking specific domain also blocking other domain.

Unanswered Question
Jan 20th, 2009

Hello fellows,

I have a situation where an ASA running 7.2.2 is configured with HTTP inspection for blocking myspace.com access as follows:

regex domainmyspace "\.myspace\.com"
class-map type regex match-any DomainBlockList
 match regex domainmyspace
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
class-map httptraffic
 match access-list inside_mpc
access-list inside_mpc extended permit tcp any any eq www
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 match request method connect
  drop-connection log
 class BlockDomainsClass
  reset log
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
!
service-policy global_policy global
service-policy inside-policy interface inside

It is actually doing its job in blocking myspace.com, although when this inspection is in place it will also block traffic for the Windows Update from the IE on www.update.microsoft.com; any other HTTP traffic will work fine. I got captures for traffic incoming on the inside interface with the service-policy in place and I do not see any traffic at all; if I remove it, everything works just fine!

Any help is highly appreciated.
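
An added example, not part of the original post: a Python sketch that runs the two explicit match rules of the posted http_inspection_policy against constructed requests, to check whether the domainmyspace regex by itself could catch www.update.microsoft.com. It assumes the ASA regex matches anywhere in the Host value, as Python's re.search does, and evaluates the rules in configuration order; the evaluate and report functions and the sample requests are hypothetical, and the protocol-violation parameter is not modelled.

```python
import re

# Pattern copied verbatim from the post's "regex domainmyspace" line.
DOMAIN_BLOCK_LIST = [re.compile(r"\.myspace\.com")]


def evaluate(method, host):
    """Return the action the policy's explicit match rules would select.

    Only the two match rules are modelled. The 'protocol-violation action
    drop-connection' parameter depends on the ASA's own HTTP parser and
    cannot be reproduced here. Checking the rules in configuration order
    is a simplification made for this example.
    """
    if method.upper() == "CONNECT":
        return "drop-connection log"   # match request method connect
    if any(rx.search(host) for rx in DOMAIN_BLOCK_LIST):
        return "reset log"             # class BlockDomainsClass
    return "no explicit match"


# Constructed sample requests: (method, Host header value).
SAMPLES = [
    ("GET", "www.myspace.com"),
    ("GET", "myspace.com"),                  # bare domain, no leading dot
    ("GET", "www.update.microsoft.com"),
    ("CONNECT", "www.update.microsoft.com"),
]


def report():
    """Evaluate every constructed sample and return (method, host, action)."""
    return [(m, h, evaluate(m, h)) for m, h in SAMPLES]


if __name__ == "__main__":
    for method, host, action in report():
        print(f"{method:<9}{host:<28}{action}")
```

Under these assumptions a plain GET to www.update.microsoft.com matches neither explicit rule, which leaves the CONNECT match and the protocol-violation action as the parts of the policy to examine in the ASA logs; the pattern also does not match a Host header of bare myspace.com.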
