filter url http

Answered Question
Nov 20th, 2013

Hi Everyone,


Our ASA has the below config here


filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0

filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate

filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate


We have Websense configured that has a connection to the ASA to block some HTTP and HTTPS traffic.

I need to understand what the above config does on the ASA.


Regards


Mahesh

Correct Answer
Marius Gunnerud Wed, 11/20/2013 - 10:28

filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0


This command will send all http traffic to websense for evaluation.


filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate

filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate


These commands also send http traffic to websense for evaluation, but when dealing with a longer than permitted URL it will only send the IP address portion of the URL or the hostname for evaluation.

mahesh18 Wed, 11/20/2013 - 19:49

Hi Marius,


The ASA has these config lines

filter url except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0

filter https except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0



Does the above config mean to bypass the Websense and directly go to the internet if the source is from 172.31.128.x?

And does this include HTTP and HTTPS traffic?


If we have the below config in the following order

filter url except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0   rule 1

filter https except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0

filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0

filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate

filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate


Does this mean that if rule 1 is matched first, just like an ACL, it will allow the HTTP traffic from 172.31.128?


Another thing to ask is if the browser has no proxy config, then traffic will come to the firewall first and, depending on the config there, it will forward the traffic first to the Websense or the internet?



Regards

Mahesh

Correct Answer
Marius Gunnerud Wed, 11/20/2013 - 23:59

Does the above config mean to bypass the Websense and directly go to the internet if the source is from 172.31.128.x?

You are correct, a filter with the except keyword will exempt all traffic that is defined in that filter from being sent to the filter server.


Does this mean that if rule 1 is matched first, just like an ACL, it will allow the HTTP traffic from 172.31.128?

Yes, the match is based on a first match logic as with ACLs.


Another thing to ask is if the browser has no proxy config, then traffic will come to the firewall first and, depending on the config there, it will forward the traffic first to the Websense or the internet?

Again correct.


--

Please rate all helpful posts
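
The rule ordering discussed above can be checked offline with a small model. This is an added example, not part of the original posts and not ASA code: it parses only the three line shapes posted in this thread and applies the first-match evaluation described in the answer. The names parse_rules and decide, the action labels, and the sample source and destination addresses are assumptions made for illustration.

```python
import ipaddress

# Filter lines exactly as posted in the thread, in the order the poster listed them.
CONFIG = """\
filter url except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0
filter https except 172.31.128.0 255.255.192.0 0.0.0.0 0.0.0.0
filter url http 192.168.0.0 255.255.0.0 0.0.0.0 0.0.0.0
filter url http 172.16.0.0 255.240.0.0 0.0.0.0 0.0.0.0 longurl-truncate
filter url http 10.0.0.0 255.0.0.0 0.0.0.0 0.0.0.0 longurl-truncate
"""

def parse_rules(text):
    """Parse only the three line shapes that appear in the thread (hypothetical helper)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[0] != "filter":
            continue
        # "filter url ..." applies to HTTP, "filter https ..." to HTTPS.
        proto = "http" if tok[1] == "url" else tok[1]
        rules.append({
            "proto": proto,
            "exempt": tok[2] == "except",
            "local": ipaddress.ip_network(f"{tok[3]}/{tok[4]}"),
            "foreign": ipaddress.ip_network(f"{tok[5]}/{tok[6]}"),
            "options": tok[7:],
            "line": line,
        })
    return rules

def decide(rules, proto, src, dst):
    """Return (action, matching line) using first-match evaluation (hypothetical helper)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["proto"] == proto and s in r["local"] and d in r["foreign"]:
            if r["exempt"]:
                return "bypass-websense", r["line"]
            if "longurl-truncate" in r["options"]:
                return "send-to-websense (truncate long URLs)", r["line"]
            return "send-to-websense", r["line"]
    return "no-filter-rule", None

if __name__ == "__main__":
    rules = parse_rules(CONFIG)
    # Constructed sample flows; 203.0.113.10 is a documentation address.
    for proto, src in [("http", "172.31.190.5"), ("http", "172.31.192.1"),
                       ("http", "192.168.4.20"), ("https", "10.1.1.1")]:
        print(proto, src, "->", decide(rules, proto, src, "203.0.113.10"))
```

The mask 255.255.192.0 makes the exemption cover 172.31.128.0 through 172.31.191.255, which lies inside the 172.16.0.0 255.240.0.0 filter range, so under first-match evaluation the rule order decides the outcome for those hosts.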

mahesh18 Thu, 11/21/2013 - 08:07

Many thanks Marius.


Best regards


Mahesh


Message was edited by: mahesh parmar
