07-27-2010 12:21 PM - edited 03-11-2019 11:16 AM
ASA5505 running 8.0(4)
I added this code and it blocks the social sites as required.
It also blocks http://travel.state.gov in particular and possibly others per my customer.
Can you help me to see my error?
!
regex domainlist2 "\.myspace\.com"
regex domainlist3 "\.youtube\.com"
regex domainlist4 "\.facebook\.com"
regex domainlist5 "\.twitter\.com"
regex applicationheader "application/.*"
regex contenttype "Content-Type"
!
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
!
class-map type regex match-any DomainBlockList
 match regex domainlist2
 match regex domainlist3
 match regex domainlist4
 match regex domainlist5
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
class-map type inspect http match-all AppHeaderClass
 match response header regex contenttype regex applicationheader
class-map httptraffic
 match access-list inside_mpc
!
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 class AppHeaderClass
  drop-connection log
 match request method connect
  drop-connection log
 class BlockDomainsClass
  reset log
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
!
service-policy inside-policy interface inside
!
Phil
07-27-2010 02:03 PM
Hi Phil,
It looks like the AppHeaderClass class is preventing you from reaching http://travel.state.gov. I did a quick capture and see that the web server's responses contain a bunch of references to:
Content-Type: application/javascript
This would be matched by the regex you have configured. Try adjusting/removing that class and the connection should go through.
Hope that helps
-Mike
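To see why the AppHeaderClass in Phil's configuration above breaks an ordinary web site, and how Mike's diagnosis follows from it, here is a small Python model of the two inspect-class matches (added here as an illustration; it is not Cisco's code and not part of the original thread). It replays the thread's own regexes against constructed response headers and shows that `application/.*` matches `Content-Type: application/javascript` and `application/json` just as readily as an executable download. The narrower `APPLICATIONHEADER_NARROW` pattern is an assumption for comparison, not a recommendation from the thread; the ASA's regex engine is not Python's `re`, but these patterns are simple enough to behave the same in both.

```python
import re

# Regexes copied from the thread's ASA configuration.
DOMAIN_BLOCKLIST = [r"\.myspace\.com", r"\.youtube\.com", r"\.facebook\.com", r"\.twitter\.com"]
CONTENTTYPE = r"Content-Type"
APPLICATIONHEADER = r"application/.*"

# Hypothetical narrower value regex (an assumption for illustration, not from the thread):
# match only Content-Types typically used for binary downloads instead of every application/* type.
APPLICATIONHEADER_NARROW = r"application/(octet-stream|x-msdownload|x-msdos-program)"

# Constructed sample responses; these were not captured from any real server.
SAMPLE_RESPONSES = {
    "html page": "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n",
    "javascript file": "HTTP/1.1 200 OK\r\nContent-Type: application/javascript\r\n\r\n",
    "json api": "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n",
    "exe download": ("HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
                     "Content-Disposition: attachment; filename=setup.exe\r\n\r\n"),
    "png image": "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n",
}


def parse_response_headers(raw):
    """Split a raw HTTP response head into (name, value) pairs; the status line is skipped."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers


def header_match(headers, name_regex, value_regex):
    """Model 'match response header regex <name> regex <value>': an unanchored search
    (re.search) on the header name and, for a matching name, on its value."""
    return any(re.search(name_regex, n) and re.search(value_regex, v) for n, v in headers)


def host_in_blocklist(host):
    """Model 'match request header host regex class DomainBlockList' (a match-any regex class)."""
    return any(re.search(pat, host) for pat in DOMAIN_BLOCKLIST)


def decide(host, raw_response, app_regex=APPLICATIONHEADER):
    """Return the action the thread's http inspection policy would take on one request/response."""
    if host_in_blocklist(host):
        return "reset"                 # class BlockDomainsClass -> reset log
    if header_match(parse_response_headers(raw_response), CONTENTTYPE, app_regex):
        return "drop-connection"       # class AppHeaderClass -> drop-connection log
    return "allow"


def audit(app_regex):
    """Run every sample response for an allowed host through the policy with the given value regex."""
    return {name: decide("travel.state.gov", raw, app_regex) for name, raw in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for label, regex in (("broad  ", APPLICATIONHEADER), ("narrow ", APPLICATIONHEADER_NARROW)):
        print(label, audit(regex))
```

With the broad pattern, every page that serves a script or JSON resource is dropped mid-session, which is exactly the symptom Phil saw; with the narrower pattern only the octet-stream download is dropped while the Host-based reset for the listed social sites is unaffected.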
07-27-2010 03:16 PM
Mike,
Thanks for the reply. That did the trick. My problem is I'm not a MicroSquish person - that dates me as it is - so I did not know where to start. I'll delve more into MPF because I know I need it for much more too.
Phil