How to block web messenger with AIM-IPS?

Unanswered Question
Feb 11th, 2009

Hello, I have a 2821 with an AIM-IPS card. I would like to block some applications over http, like web messenger, remote desktop over http (like logmein) and these kind of services. I have enabled all signatures in the IPS and when I start a web messenger client (for example www.ebuddy.com) no signature fires. Are there any solutions to block them?

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
roshan.maskey Sat, 04/04/2009 - 19:48

Hi Victor,

This might help you on blocking web messengers.

regex imo "imo\.com"

regex meebo "meboo\.com"

regex imhaha "imhaha\.com"

regex mabber "mabber\.com"

regex web_msn "webmessenger\.msn\.com"

regex koolim "koolim\.com"

regex msnfx "messengerfx\.com"

regex iloveim "iloveim\.com"

regex goowy "goowy\.com"

regex plugoo "plugoo\.com"

regex imunitive "imunitive\.com"

regex snimmer "snimmer\.com"

regex ebuddy "www\.ebuddy\.com"

class-map type regex match-any BLOCK-WEB-IM

description Deny all web messengers

match regex imo

match regex web_msn

match regex koolim

match regex imunitive

match regex goowy

match regex mabber

match regex ebuddy

match regex meebo

match regex iloveim

match regex msnfx

match regex snimmer

match regex imhaha

match regex plugoo

class-map type inspect http match-all IM-DOMAIN-BLOCK

match request header host regex class BLOCK-WEB-IM

policy-map type inspect http INSIDE-L7-POLICY

parameters

protocol-violation action drop-connection log

class IM-DOMAIN-BLOCK

reset log

policy-map inside-policy

class inside-class

inspect http INSIDE-L7-POLICY

Actions

This Discussion