06-24-2010 02:19 PM - edited 03-11-2019 11:03 AM
Hi,
ASA 5510 with no IPS/CSC modules.
Can I use the MPF to prevent files with extension .torrent from being downloaded?
Can you specify this using HTTP inspection or regex?
Thank you,
Federico.
06-24-2010 02:34 PM
I'm not sure I think that Regex will only work for URL or URI. For example URLs and URI with the .exe or .torrent
check this
06-24-2010 02:49 PM
Exactly, I saw that document, but I don't see how to tell the ASA what to do when attemting to download a .torrent file.
I know that can be done with IPS, but again that is not the case.
Federico.
08-09-2010 04:05 PM
Here you go bud. I tested this with .pdf files and it worked. I'm not brave enough to go to a torrent site to test this. If you're interested, here is my understanding of why it works: GET /en/US/docs/security/asa/asa83/command/reference/cmdref.pdf HTTP/1.1
"/en/US/docs/security/asa/asa83/command/reference/cmdref.pdf" is the URI
regex TORRENT ".*\.([Tt][Oo][Rr][Rr][Ee][Nn][Tt])"
class-map type inspect http match-any TORRENT
match request uri regex TORRENT
policy-map type inspect http TORRENT
parameters
protocol-violation action drop-connection
match request uri regex TORRENT
drop-connection log
policy-map global_policy
class inspection_default
inspect http TORRENT
A more elaborate configuration can be found here: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide