ASA 5510 http filtering with regex

GiorgiChubko
Level 1

Hi,

I have a problem filtering HTTP traffic with regex. URL filtering works fine, but domain name filtering doesn't work correctly. Here is the configuration:

regex MP3Files ".+\.[Mm][Pp][3]"
regex AVIFiles ".+\.[Aa][Vv][Ii]"

regex Domain1 "myspace\.com"
regex Domain2 "facebook\.com"

access-list Inside_Subnet extended permit tcp 172.17.0.0 255.255.0.0 any eq 80
access-list Inside_Subnet extended permit tcp 172.17.0.0 255.255.0.0 any eq 8080

class-map type regex match-any File_Exstension_Class
match regex AVIFiles
match regex MP3Files


class-map type regex match-any Domain_List_Class
match regex Domain1
match regex Domain2

class-map Inside_Subnet
match access-list Inside_Subnet

class-map type inspect http match-any File_Exstensions
match request uri regex class File_Exstension_Class

class-map type inspect http match-any Domain_Class
match request header host regex class Domain_List_Class

policy-map type inspect http Inside_Policy
parameters
class File_Exstensions
  drop-connection
class Domain_Class
  drop-connection


policy-map inside-policy
class Inside_Subnet
  inspect http Inside_Policy

service-policy inside-policy interface inside


Jennifer Halim
Cisco Employee

The regex for myspace and facebook should be as follows:

regex Domain1 "\.myspace\.com"
regex Domain2 "\.facebook\.com"

Here is a sample configuration:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

Hope that helps.

Thanks for the help.
Actually, it does not block some of the web sites.
I have a big regex class map, and some of the web sites from that class map aren't blocked.
I did the configuration from that example:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
What can be the problem?
ASA Software version is 8.2(1).
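
An added example, not part of the original thread or of Cisco's documentation: a small Python harness that audits the thread's patterns against constructed Host header and URI values, listing intended targets a pattern misses and unintended values it flags. It assumes Python's `re.search` approximates the ASA's unanchored regex matching; the sample values and their should-block labels are constructed.

```python
import re

# Patterns copied verbatim from the thread.
DOMAIN1_ORIGINAL = r"myspace\.com"      # from the original post
DOMAIN1_REPLY = r"\.myspace\.com"       # from the reply
MP3_FILES = r".+\.[Mm][Pp][3]"          # from the original post

# Constructed samples: value -> True if the policy is meant to block it.
# These labels are assumptions about the intended policy, not captured traffic.
HOST_SAMPLES = {
    "www.myspace.com": True,
    "myspace.com": True,        # bare domain, no leading label
    "notmyspace.com": False,    # unrelated domain containing the same text
    "example.org": False,
}
URI_SAMPLES = {
    "/music/track.MP3": True,
    "/music/track.mp3?dl=1": True,
    "/docs/a.mp3x.html": False,  # ".mp3" appears mid-name, not as the extension
    "/index.html": False,
}


def audit(pattern, samples):
    """Return (missed, unintended) for one pattern over labelled samples.

    re.search stands in for the ASA engine (assumption): the pattern may
    match anywhere in the inspected string because it is not anchored.
    """
    rx = re.compile(pattern)
    missed = [v for v, want in samples.items() if want and not rx.search(v)]
    unintended = [v for v, want in samples.items() if not want and rx.search(v)]
    return missed, unintended


if __name__ == "__main__":
    checks = [
        ("Domain1 (original post)", DOMAIN1_ORIGINAL, HOST_SAMPLES),
        ("Domain1 (reply)", DOMAIN1_REPLY, HOST_SAMPLES),
        ("MP3Files", MP3_FILES, URI_SAMPLES),
    ]
    for name, pattern, samples in checks:
        missed, unintended = audit(pattern, samples)
        print(f"{name:24} missed={missed} unintended={unintended}")
```

Running a large regex class map through a harness like this before loading it on the firewall shows which entries need a second pattern or a tighter one. The posted access list only classifies TCP ports 80 and 8080, so requests on other ports never reach the HTTP inspection policy.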


Dwi Haryanto
Level 1

Hi,

I have tested your configuration, and I want to block MP3 files, but your configuration failed.

Can you tell me what I missed?

What config are you using? Can you post your class-maps, policy-map and regexes?

PK

Dwi Haryanto
Level 1

Hi Giorgi,

Thanks, I think I missed writing the letter 's' in class-map type inspect http match-any File_Exstensions, which is why nothing worked.

Once more, thank you so much, Giorgi.
