Allow only maps.google.com

Answered Question
Aug 4th, 2010

Hello, I have a problem with a rule for the ASA 5505. I need to block all traffic except maps.google.com:


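regex googleMAP "maps\.google\.com"

! Regex class referenced below; its definition is not shown in the post,
! so this one (matching the googleMAP regex) is an assumption.
class-map type regex match-any DomainBlockList
 match regex googleMAP

! Matches any request whose Host header is NOT in the regex class
class-map type inspect http match-all BlockDomainsClass
 match not request header host regex class DomainBlockList

policy-map type inspect http http_incspect_policy
 parameters
  protocol-violation action drop-connection
 match request method connect
  drop-connection log
 class BlockDomainsClass
  reset log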


This rule works, but not all maps open, and maps are displayed only partially.

How can I use all the IPs of maps.google.com:

74.125.87.103
74.125.87.105
74.125.87.99
74.125.87.104
74.125.87.106
74.125.87.147


in the rule?

Correct Answer
Magnus Mortensen Wed, 08/04/2010 - 05:17

Dmitry,

     More likely than not, Google Maps uses a lot of different domains than just maps.google.com for context and files to load the maps. I highly suggest you install the "Tamper Data" extension in Firefox, as it will list all the requests your browser makes. That way you can see what domains and sub-domains are involved in loading Google Maps. You can get Tamper Data here:


https://addons.mozilla.org/en-US/firefox/addon/966/


Once installed, load it from Firefox's Tools menu. Once it is open, browse and use Google Maps. You will see all the requests made and the URLs. That way you can adjust and tune your policy accordingly.


When I tested just now I saw:


maps.google.com

maps.gstatic.com

mt0.google.com

mt1.google.com


Go ahead and try it yourself and see what you find!


- Magnus

grigansky Wed, 08/04/2010 - 05:43

Thanks for the idea. Nevertheless, how can I use IPs for filtering HTTP?

Magnus Mortensen Wed, 08/04/2010 - 06:59

Dmitry,

     I would not use IP addresses for HTTP filtering, since IP addresses will, and do, change often. Basing it on the hostname (via regex) is much more resilient to changing IP addresses.


- Magnus
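
The tuning step described in the answers above, as an added example that is not part of the original thread: it turns a list of captured request URLs into hostname regexes plus a regex class for the ASA policy, then checks sample Host headers against them. The URLs are constructed (only the hostnames come from the thread), the `allow_host_N` regex names are hypothetical, and the check uses Python's `re` as an approximation of the ASA matcher.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: request URLs as a browser request logger might list them.
# Hostnames are the ones reported in the thread; paths are placeholders.
CAPTURED_URLS = [
    "http://maps.google.com/maps",
    "http://maps.gstatic.com/placeholder.js",
    "http://mt0.google.com/placeholder-tile",
    "http://mt1.google.com/placeholder-tile",
    "http://MT1.google.com:80/placeholder-tile",  # duplicate: case and port differ
]

def hosts_from_urls(urls):
    """Return the sorted set of lowercase hostnames seen in the capture."""
    hosts = {urlsplit(u).hostname for u in urls}
    return sorted(h for h in hosts if h)

def host_to_regex(host):
    """Escape dots so '.' matches a literal dot, as in the post's regex."""
    return host.replace(".", r"\.")

def build_asa_regex_class(hosts, class_name="DomainBlockList"):
    """Emit one regex per host and a regex class-map matching any of them.

    class_name defaults to the class the post's policy already references;
    the allow_host_N names are hypothetical.
    """
    lines = [f'regex allow_host_{i} "{host_to_regex(h)}"'
             for i, h in enumerate(hosts, 1)]
    lines.append(f"class-map type regex match-any {class_name}")
    lines += [f" match regex allow_host_{i}" for i in range(1, len(hosts) + 1)]
    return "\n".join(lines)

def allowed(host_header, hosts):
    """Offline approximation: does the Host header match any generated pattern?"""
    value = host_header.lower()
    return any(re.search(host_to_regex(h), value) for h in hosts)

if __name__ == "__main__":
    hosts = hosts_from_urls(CAPTURED_URLS)
    print(build_asa_regex_class(hosts))
    for h in ("mt0.google.com", "www.google.com"):
        print(h, "->", "allowed" if allowed(h, hosts) else "reset by policy")
```

Re-run the capture and regenerate the class whenever maps stop loading completely, since the set of hostnames can change over time.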
