Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

asa 5505 - blocking url without websense or N2H2

Hi !

I just have a couple of url to block, so I don't really want to implement a server like websense or N2H2 to manage the web content I want to block. Is there a way in the ASA-5505 to deny access to certain web pages with the url of the page ?

3 REPLIES

Re: asa 5505 - blocking url without websense or N2H2

hello gprever,

I really dont think this is possible.. one way is to use ACLs to block IPs of the particular URL's .. or to use an external proxy server, which can do this.. most of the proxy servers now do basic URL filtering..

Hope this helps.. all the best..

Raj

New Member

Re: asa 5505 - blocking url without websense or N2H2

I was thinking about a string value as a regular expression and then reject it in an inspect class map; but I haven't fiddled around with it yet, so I don't quiet understand how it works really. Any body who would think it is achievable that way ?

Bronze

Re: asa 5505 - blocking url without websense or N2H2

It is acheivable through Regex... I'm still looking for a solution... I was working on it last night, but could not get it to work... i would appreciate if somebody can post some lines on this...

The following is my work trying to block access to Fortinet.com... please advise if you know how to fix this issue:

PIX Version 7.2(2)

regex test1 "fortinet.com"

regex test2 "www.fortinet.com"

regex test3 "http://www.fortinet.com"

route outside 0.0.0.0 0.0.0.0 10.1.201.254 1

class-map type regex match-any httpkill

match regex test1

match regex test2

match regex test3

class-map inspection_default

match default-inspection-traffic

class-map type inspect http match-all httpkill1

match request uri regex class httpkill

policy-map type inspect http httpkill1

parameters

class httpkill1

drop-connection log

policy-map global_policy

class inspection_default

inspect http httpkill1

service-policy global_policy global

469
Views
0
Helpful
3
Replies
CreatePlease to create content