02-22-2010 10:31 AM - edited 03-11-2019 10:13 AM
Hi,
I would like to block all URLs on the outside network for a specific inside host. Furthermore, I would like to exclude a few outside URLs from the general "all URLs blocked" rule, which shall be accessible by the specific host.
Is it possible with an ASA box? To make it clear again: a specific inside host should only be allowed to access external URLs which are explicitly allowed in the FW. All other traffic to the outside world should be disallowed. All other inside hosts on the network should not be affected by this policy.
Is this possible with an ASA 5505? How to accomplish that?
Thx...Andy
02-24-2010 01:05 PM
It would help if you really read and tried to understand the link I sent you. You would be able to do it no problem.
In any case, here it is:
! Hostnames the host may reach. Cisco regexes are unanchored: each
! pattern matches anywhere in the Host header value.
! (Values as posted; the question used 192.168.1.25, www.allowed1.net
! and www.allowed2.com.)
regex allowex1 "www\.allowed1\.com"
regex allowex2 "www\.allowed2\.net"
! Only TCP/80 from the one inside host is selected for inspection
access-list user-acl extended permit tcp host 192.168.1.2 any eq www
! match-all with two "match not": the class matches (and the connection
! is dropped) only when the Host header matches neither allowed regex
class-map type inspect http match-all allow-url-class
 match not request header host regex allowex1
 match not request header host regex allowex2
! Layer 3/4 class selecting the flows from user-acl
class-map allow-user-class
 match access-list user-acl
! HTTP inspection policy: drop anything that is not an allowed host
policy-map type inspect http allow-url-policy
 parameters
 class allow-url-class
  drop-connection
! Apply the HTTP inspection only to that host's flows, on the inside interface
policy-map allow-user-url-policy
 class allow-user-class
  inspect http allow-url-policy
service-policy allow-user-url-policy interface inside
Rank useful posts.
PK
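To see which requests the posted configuration lets through, here is an added Python model of its match-all / match-not logic (it is not code from the thread and not an ASA emulator). The inspected host, the port-80 scope and the two regexes are taken from the posted config; the anchored regex variant and the sample Host headers are assumptions constructed for the check.

```python
import re

# Added model of the accepted answer's policy, not the thread's own code.
# Host and port scope are those of the posted user-acl.

# Allowed-site regexes exactly as posted in the answer
POSTED_REGEXES = [r"www\.allowed1\.com", r"www\.allowed2\.net"]
# Hardened variant (assumption: anchoring with ^ and $, which Cisco regex supports)
ANCHORED_REGEXES = [r"^www\.allowed1\.com$", r"^www\.allowed2\.net$"]

INSPECTED_HOST = "192.168.1.2"   # "access-list user-acl ... host 192.168.1.2"
INSPECTED_PORT = 80              # "... any eq www"


def asa_regex_hit(pattern: str, value: str) -> bool:
    """A Cisco regex is a substring search unless anchored, hence re.search."""
    return re.search(pattern, value) is not None


def http_class_matches(host_header: str, regexes) -> bool:
    """class-map type inspect http match-all allow-url-class:
    every 'match not request header host regex ...' line must be true,
    i.e. the Host header matches none of the allowed regexes."""
    return all(not asa_regex_hit(r, host_header) for r in regexes)


def evaluate(src_ip: str, dst_port: int, host_header: str,
             regexes=POSTED_REGEXES) -> str:
    """Outcome for one HTTP request as the posted policy would treat it.

    'not-inspected': user-acl does not select the flow, so the inspect
                     policy never sees it (other hosts, other ports);
    'drop'         : allow-url-class matched -> drop-connection;
    'permit'       : Host header hit an allowed regex, so the class did not
                     match and inspection lets the request through."""
    if src_ip != INSPECTED_HOST or dst_port != INSPECTED_PORT:
        return "not-inspected"
    return "drop" if http_class_matches(host_header, regexes) else "permit"
```

The "not-inspected" outcomes show the scope of the posted user-acl: only TCP/80 from that one host is inspected, so the host's traffic on other ports is outside this policy. The unanchored regexes also accept any Host header that merely contains an allowed name, which is why the anchored variant is worth comparing.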
02-22-2010 11:56 AM
This URL explains exactly what you want to do: http://supportforums.cisco.com/docs/DOC-1268
I hope it helps.
PK
02-24-2010 12:03 PM
Thanks, but I am still trying to figure out how to configure it properly. Maybe you can give me a code example for the following:
Inside Net: 192.168.1.0/24
Host 192.168.1.25 shall only be allowed to access 2 webpages: www.allowed1.net (and everything below it, e.g. www.allowed1.net/page1) and www.allowed2.com. The host shall not be able to access anything else on the internet.
All other hosts in the inside net shall be able to access any webpage on the internet.
Can you give me a code example for this?
That would be great!
Thx...Andy
02-25-2010 12:57 PM
thx for your efforts. It works and I think I now know how it works.
best..Andy