Another Regex question in ASA

Hi All,

I have the following configuration and I was able to block the "Farmville" game of Facebook.

regex blockex1 "/onthefarm"
regex blockex2 "apps\.facebook\.com"

class-map type inspect http match-all block-url-class
 match request uri regex blockex1
 match request header host regex blockex2

policy-map type inspect http block-url-policy
 parameters
 class block-url-class
  drop-connection log

policy-map global_policy
 class inspection_default
  inspect http block-url-policy

service-policy global_policy global

Now, I need to block www.facebook.com

The problem is that I cannot add another "match request header host regex" statement under the class, because it gives me an error.

I've tried the following regex but none of them seem to work:

regex facebook-regex "[Ff][Aa][Cc][Ee][Bb][Oo][Oo][Kk].[Cc][Oo][Mm]"
regex domain1 "\.facebook\.com"

Each time, applying the regex with the appropriate command:

class-map type inspect http match-all block-url-class
 match request uri regex blockex1
 no match request header host regex blockex2
 match request header host regex facebook-regex

class-map type inspect http match-all block-url-class
 match request uri regex blockex1
 no match request header host regex blockex2
 match request header host regex domain1

So, what is the appropriate way to do this?

Thank you!

Federico.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Another Regex question in ASA

Wouldn't it be simpler to just block facebook.com instead of the farmville game on facebook and facebook.com?

https://supportforums.cisco.com/docs/DOC-1268;jsessionid=04C0678692F3EDA69D5921326AEC1195.node0#Block_specific_urls

-KS

2 REPLIES
Re: Another Regex question in ASA

Hi,

I was able to block www.facebook.com, www.twitter.com and www.hi5.com using the following configuration:

regex domainlist1 ".*facebook.*"
regex domainlist2 ".*twitter.*"
regex domainlist3 ".*hi5.*"

class-map type regex match-any DomainBlockList
 match regex domainlist1
 match regex domainlist2
 match regex domainlist3

class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList

policy-map type inspect http http_inspection_policy
 parameters
 class BlockDomainsClass
  drop-connection log

policy-map global_policy
 class inspection_default
  inspect http http_inspection_policy

service-policy global_policy global

Thank you!

Federico.
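
Added example (not part of the original thread or of Cisco's documentation): a Python model of the three class-maps posted above, evaluated over constructed requests. It shows that a match-all class which still carries the "/onthefarm" URI condition cannot fire for a plain www.facebook.com request, and that the ".*facebook.*" host pattern also drops any other host containing that string. Python's re.search stands in for the ASA regex engine, which is an assumption, and the hosts under example.org are made up.

```python
import re

# Regexes copied from the thread. Python's re.search stands in for the ASA
# regex engine (assumption: unanchored, substring-style matching).
BLOCKEX1 = r"/onthefarm"
BLOCKEX2 = r"apps\.facebook\.com"
DOMAIN1 = r"\.facebook\.com"
DOMAIN_LIST = [r".*facebook.*", r".*twitter.*", r".*hi5.*"]  # DomainBlockList


def match_all(conditions, request):
    """class-map ... match-all: every (field, regex) line must match."""
    return all(re.search(rx, request[field]) for field, rx in conditions)


def regex_class_any(patterns, value):
    """class-map type regex match-any: one matching regex is enough."""
    return any(re.search(rx, value) for rx in patterns)


def original_class(req):   # uri blockex1 AND host blockex2
    return match_all([("uri", BLOCKEX1), ("host", BLOCKEX2)], req)


def attempted_class(req):  # uri blockex1 AND host domain1 (the failed attempt)
    return match_all([("uri", BLOCKEX1), ("host", DOMAIN1)], req)


def final_class(req):      # host checked against the DomainBlockList regex class
    return regex_class_any(DOMAIN_LIST, req["host"])


# Constructed sample requests (not captured traffic).
REQUESTS = [
    {"host": "apps.facebook.com", "uri": "/onthefarm/index.php"},
    {"host": "www.facebook.com", "uri": "/"},
    {"host": "www.twitter.com", "uri": "/home"},
    {"host": "facebook-policy.intranet.example.org", "uri": "/"},
    {"host": "www.example.org", "uri": "/news"},
]


def verdicts(classifier):
    """Return 'drop' or 'pass' per sample request for one class-map model."""
    return ["drop" if classifier(r) else "pass" for r in REQUESTS]


if __name__ == "__main__":
    for name, fn in [("original", original_class),
                     ("attempted", attempted_class), ("final", final_class)]:
        print(f"{name:10s}", verdicts(fn))
```

The fourth request is the one to watch before deploying a substring pattern: an unrelated host that merely contains "facebook" is dropped by the final class.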
