02-11-2009 05:11 AM - edited 03-10-2019 04:30 AM
Hello, I have a 2821 with an AIM-IPS card. I would like to block some applications over http, like web messenger, remote desktop over http (like logmein) and these kind of services. I have enabled all signatures in the IPS and when I start a web messenger client (for example www.ebuddy.com) no signature fires. Are there any solutions to block them?
Thanks in advance.
02-13-2009 05:52 AM
Hello, anybody have the same problem? Or maybe there is no fix...
Best regards.
04-04-2009 07:48 PM
Hi Victor,
This might help you on blocking web messengers.
regex imo "imo\.com"
regex meebo "meboo\.com"
regex imhaha "imhaha\.com"
regex mabber "mabber\.com"
regex web_msn "webmessenger\.msn\.com"
regex koolim "koolim\.com"
regex msnfx "messengerfx\.com"
regex iloveim "iloveim\.com"
regex goowy "goowy\.com"
regex plugoo "plugoo\.com"
regex imunitive "imunitive\.com"
regex snimmer "snimmer\.com"
regex ebuddy "www\.ebuddy\.com"
class-map type regex match-any BLOCK-WEB-IM
description Deny all web messengers
match regex imo
match regex web_msn
match regex koolim
match regex imunitive
match regex goowy
match regex mabber
match regex ebuddy
match regex meebo
match regex iloveim
match regex msnfx
match regex snimmer
match regex imhaha
match regex plugoo
class-map type inspect http match-all IM-DOMAIN-BLOCK
match request header host regex class BLOCK-WEB-IM
policy-map type inspect http INSIDE-L7-POLICY
parameters
protocol-violation action drop-connection log
class IM-DOMAIN-BLOCK
reset log
policy-map inside-policy
class inside-class
inspect http INSIDE-L7-POLICY
04-05-2009 04:53 PM
sorry, that was for ASA
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: