Blocking URLs with MPF

Jul 8th, 2010

I would like to write a policy on the ASA to block any URL with the word "facebook" in it, except for so and would be blocked but would not. 

I believe the blocking policy should look like below, but I am unsure how I should create an exception to allow

regex blockex1 "/facebook/"

class-map type inspect http match-any block-url-class
 match request uri regex blockex1

policy-map type inspect http block-url-policy
 class block-url-class
  drop-connection log

policy-map global_policy
 class inspection_default
  inspect http block-url-policy

service-policy global_policy global

Kevin Redmon Thu, 07/08/2010 - 08:54

You can create a more specific regex that will match and put that policy first in the MPF policy-map. When this traffic is matched (i.e. when someone goes to, this class of traffic will be matched first and will allow that connection. When the user attempts to go to any other website with 'facebook' in the URL, it will NOT match the first policy (for but will match the second policy (matching 'facebook' anywhere else in the URL) and will be dropped.

Best Regards,


networker99 Thu, 07/08/2010 - 09:32

Great, but what action do I apply to the permit traffic, as there is no forward or permit?
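
One way to express the exception without a separate permit action, as an added example that is not part of the thread: a match-all class-map that pairs the block regex with a `match not` line, so the excepted site never enters the drop class. This is a different technique from the ordering approach described above, and it matches on the Host header rather than the URI path; the regex names and the host `allowed-facebook.example.com` are placeholders, because the thread does not show the site that should stay reachable.

```cisco
! Constructed example; regex names and the excepted host are placeholders.
!
! No surrounding slashes: in an ASA regex they would be literal characters.
regex block-facebook "facebook"
regex allow-host "allowed-facebook\.example\.com"
!
! match-all: every line must hold for the class to match. A request lands
! in this class only if its Host header contains "facebook" AND the Host
! header does not match the excepted host.
class-map type inspect http match-all block-url-class
 match request header host regex block-facebook
 match not request header host regex allow-host
!
! Only traffic in the class is dropped; everything else, including the
! excepted host, passes HTTP inspection with no explicit permit.
policy-map type inspect http block-url-policy
 class block-url-class
  drop-connection log
!
policy-map global_policy
 class inspection_default
  inspect http block-url-policy
!
service-policy global_policy global
```

HTTP inspection only sees cleartext HTTP, so this policy has no effect on HTTPS sessions.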

