HTTPS inspection on ASA with SmartFilter

Answered Question
May 13th, 2010

Hi all,


I got an ASA5505 with URL-filtering through SmartFilter.

HTTP is working fine. HTTPS unfortunately can only be blocked on the SmartFilter with the IP address (e.g. https://70.42.13.100) and not with the domain name (e.g. https://www.cisco.com/).

On the ASA, the Syslog ID 304001 shows only <inside client ip> Accessed URL 70.42.13.10:https://70.42.13.10/ and this is what the SmartFilter is checking.

How can I tell the ASA to log/send the URL name to the SmartFilter?



Thanks,

Norbert

Correct Answer by Panos Kampanakis about 7 years 1 month ago

The SmartFilter blocks HTTPS by doing a reverse lookup for all illegitimate URLs.

In other words, when it sees the IP address you are HTTPS-ing to, it checks what domain the IP address belongs to and then decides if it needs to block.

The ASA does not know the URL because the HTTP has the URL encrypted, and so it can't log it.

I hope it makes sense.


PK

Overall Rating: 5 (1 ratings)
Panos Kampanakis Fri, 05/14/2010 - 11:45
Cisco Employee

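The reverse-lookup decision described in the answer, as an added example that is not part of the original thread and is not SmartFilter's or Cisco's code. The addresses, domain names, PTR table and the `decide` helper are constructed for illustration, and the injected `reverse_lookup` stands in for a real PTR query. The third sample line shows the case where the PTR record names the hosting provider rather than the site, so the filter has nothing to match on.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Body of message 304001 as quoted in the question: "<client> Accessed URL <ip>:<url>"
LOG_RE = re.compile(r"(?P<client>\S+) Accessed URL (?P<dest>[0-9.]+):(?P<url>\S+)")

# Constructed sample data (documentation addresses, not a real device or real DNS).
BLOCKED = {"blocked.example"}
PTR = {"198.51.100.10": "www.blocked.example", "203.0.113.7": "edge7.cdn.example"}
HTTP_LINE = "192.168.1.10 Accessed URL 198.51.100.10:http://www.blocked.example/index.html"
HTTPS_LINE = "192.168.1.10 Accessed URL 198.51.100.10:https://198.51.100.10/"
CDN_LINE = "192.168.1.10 Accessed URL 203.0.113.7:https://203.0.113.7/"

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_blocked(name, blocked):
    """True if name equals a blocked domain or is a subdomain of one."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in blocked)

def decide(line, blocked, reverse_lookup):
    """Verdict for one log line; reverse_lookup(ip) returns a hostname or None."""
    m = LOG_RE.search(line)
    if not m:
        return "ignore"
    host = (urlsplit(m["url"]).hostname or "").lower()
    if not is_ip_literal(host):
        # Plain HTTP: the requested name was visible in cleartext.
        return "block" if domain_blocked(host, blocked) else "allow"
    # HTTPS: only the address was logged, so fall back to its PTR name.
    ptr = reverse_lookup(m["dest"])
    if ptr is None:
        return "unresolved"
    return "block" if domain_blocked(ptr, blocked) else "allow"

if __name__ == "__main__":
    for line in (HTTP_LINE, HTTPS_LINE, CDN_LINE):
        print(decide(line, BLOCKED, PTR.get), "<-", line)
```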