05-22-2010 04:44 AM - edited 03-11-2019 10:49 AM
Hi,
I have a problem filtering HTTP traffic with regex. URL filtering works fine, but domain name filtering doesn't work correctly. Here is the configuration:
regex MP3Files ".+\.[Mm][Pp][3]"
regex AVIFiles ".+\.[Aa][Vv][Ii]"
regex Domain1 "myspace\.com"
regex Domain2 "facebook\.com"
access-list Inside_Subnet extended permit tcp 172.17.0.0 255.255.0.0 any eq 80
access-list Inside_Subnet extended permit tcp 172.17.0.0 255.255.0.0 any eq 8080
class-map type regex match-any File_Exstension_Class
 match regex AVIFiles
 match regex MP3Files
class-map type regex match-any Domain_List_Class
 match regex Domain1
 match regex Domain2
class-map Inside_Subnet
 match access-list Inside_Subnet
class-map type inspect http match-any File_Exstensions
 match request uri regex class File_Exstension_Class
class-map type inspect http match-any Domain_Class
 match request header host regex class Domain_List_Class
policy-map type inspect http Inside_Policy
 parameters
 class File_Exstensions
  drop-connection
 class Domain_Class
  drop-connection
policy-map inside-policy
 class Inside_Subnet
  inspect http Inside_Policy
service-policy inside-policy interface inside
05-22-2010 09:20 PM
The regex for myspace and facebook should be as follows:
regex Domain1 "\.myspace\.com"
regex Domain2 "\.facebook\.com"
Here is a sample configuration:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
Hope that helps.
05-27-2010 04:23 AM
Thanks for the help.
Actually it does not block some of the web sites.
I have a big regex class map; some of the web sites from that class map aren't blocked.
I did the configuration from that example:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
What can be the problem?
ASA Software version is 8.2(1).
10-21-2010 02:39 AM
Hi,
I have tested your configuration, and I want to block MP3 files, but your configuration failed.
Can you tell me what I missed?
10-21-2010 10:56 AM
What config are you using? Can you post your class-maps, policy-map and regexes?
PK
10-21-2010 01:03 PM
Actually this configuration is working in my network (ASA 8.2). You should check these links:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940c5a.shtml
10-21-2010 06:38 PM
Hi Giorgi,
Thanks, I think I missed writing the letter 's' in class-map type inspect http match-any File_Exstensions, which is why nothing worked.
Once more, thank you so much, Giorgi.
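The last post traces the failure to a class-map name that did not match between its definition and its use. As an added example (not code from this thread or from Cisco), the Python check below lists names that a config draft references but never defines. It assumes only the command forms that appear in this thread, and the sample config is constructed with the missing 's' reproduced.

```python
import re

# Constructed sample modelled on the thread's config; the policy-map names
# "File_Exstension" (trailing 's' missing), the typo from the last post.
SAMPLE = r'''
regex MP3Files ".+\.[Mm][Pp][3]"
access-list Inside_Subnet extended permit tcp 172.17.0.0 255.255.0.0 any eq 80
class-map type regex match-any File_Exstension_Class
 match regex MP3Files
class-map Inside_Subnet
 match access-list Inside_Subnet
class-map type inspect http match-any File_Exstensions
 match request uri regex class File_Exstension_Class
policy-map type inspect http Inside_Policy
 class File_Exstension
  drop-connection
policy-map inside-policy
 class Inside_Subnet
  inspect http Inside_Policy
service-policy inside-policy interface inside
'''

# Lines that define a named object, and lines that refer to one.
DEFS = [(r"regex (\S+) ", "regex"), (r"access-list (\S+) ", "acl"),
        (r"class-map type regex \S+ (\S+)$", "regex-class"),
        (r"class-map type inspect http \S+ (\S+)$", "http-class"),
        (r"class-map (?!type )(\S+)$", "class"),
        (r"policy-map type inspect http (\S+)$", "http-policy"),
        (r"policy-map (?!type )(\S+)$", "policy")]
REFS = [(r"match (?:.* )?regex class (\S+)$", "regex-class"),
        (r"match (?:.* )?regex (\S+)$", "regex"),
        (r"match access-list (\S+)$", "acl"),
        (r"inspect http (\S+)$", "http-policy"), (r"service-policy (\S+) ", "policy")]

def unresolved_refs(config):
    """Return sorted (kind, name) pairs that are used but never defined."""
    defined, used, ctx = set(), set(), ""
    for line in map(str.strip, config.splitlines()):
        for pat, kind in DEFS:
            if m := re.match(pat, line):
                defined.add((kind, m.group(1)))
                ctx = kind  # block that the following sub-commands belong to
        for pat, kind in REFS:
            if m := re.match(pat, line):
                used.add((kind, m.group(1)))
        # "class X" in a policy-map refers to a class-map of the same type:
        # http-policy -> http-class, policy -> class.
        if (m := re.match(r"class (\S+)$", line)) and ctx.endswith("policy"):
            used.add((ctx.replace("policy", "class"), m.group(1)))
    return sorted(used - defined)
```

Calling `unresolved_refs(SAMPLE)` reports the `File_Exstension` class as an undefined HTTP inspection class-map; an empty list means every referenced name has a definition.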