New Member

ASA 5510 http filtering with regex

Hi,

I have a problem filtering HTTP traffic with regex. URL filtering works fine, but domain name filtering doesn't work correctly. Here is the configuration:

regex MP3Files ".+\.[Mm][Pp][3]"
regex AVIFiles ".+\.[Aa][Vv][Ii]"

regex Domain1 "myspace\.com"
regex Domain2 "facebook\.com"

access-list Inside_Subnet extended permit tcp 172.17.0.0 255.255.0.0 any eq 80
access-list Inside_Subnet extended permit tcp 172.17.0.0 255.255.0.0 any eq 8080

class-map type regex match-any File_Exstension_Class
 match regex AVIFiles
 match regex MP3Files

class-map type regex match-any Domain_List_Class
 match regex Domain1
 match regex Domain2

class-map Inside_Subnet
 match access-list Inside_Subnet

class-map type inspect http match-any File_Exstensions
 match request uri regex class File_Exstension_Class

class-map type inspect http match-any Domain_Class
 match request header host regex class Domain_List_Class

policy-map type inspect http Inside_Policy
 parameters
 class File_Exstensions
  drop-connection
 class Domain_Class
  drop-connection

policy-map inside-policy
 class Inside_Subnet
  inspect http Inside_Policy

service-policy inside-policy interface inside

6 REPLIES
Cisco Employee

Re: ASA 5510 http filtering with regex

The regex for myspace and facebook should be as follows:

regex Domain1 "\.myspace\.com"
regex Domain2 "\.facebook\.com"

Here is a sample configuration:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

Hope that helps.
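
The two sets of host regexes posted in this thread can be compared offline against sample Host header values before they are loaded on the firewall. This is an added example, not part of the original posts or of Cisco's sample configuration; it assumes the ASA applies each regex as an unanchored, case-sensitive search (approximated here with Python's re.search), and the sample hosts and URIs are constructed.

```python
import re

# Regexes copied from the thread. Assumption: the ASA applies each one as an
# unanchored, case-sensitive search, which re.search approximates.
URI_REGEXES = {
    "MP3Files": r".+\.[Mm][Pp][3]",
    "AVIFiles": r".+\.[Aa][Vv][Ii]",
}
HOST_REGEXES_ORIGINAL = {"Domain1": r"myspace\.com", "Domain2": r"facebook\.com"}
HOST_REGEXES_REPLY = {"Domain1": r"\.myspace\.com", "Domain2": r"\.facebook\.com"}


def matching_rules(value, regexes):
    """Return the names of the regexes that match anywhere in value."""
    return sorted(name for name, rx in regexes.items() if re.search(rx, value))


def coverage(samples, regexes):
    """Map each sample string to the list of regex names that match it."""
    return {s: matching_rules(s, regexes) for s in samples}


# Constructed sample values, not taken from real traffic.
SAMPLE_HOSTS = ["www.myspace.com", "myspace.com", "www.facebook.com",
                "facebook.com", "www.example.com"]
SAMPLE_URIS = ["/music/track.mp3", "/video/CLIP.AVI", "/index.html"]

if __name__ == "__main__":
    for label, rules in (("original", HOST_REGEXES_ORIGINAL),
                         ("reply", HOST_REGEXES_REPLY)):
        print(f"Host header, {label} regexes:")
        for host, hits in coverage(SAMPLE_HOSTS, rules).items():
            print(f"  {host:20} -> {hits or 'no match'}")
    print("Request URI:")
    for uri, hits in coverage(SAMPLE_URIS, URI_REGEXES).items():
        print(f"  {uri:20} -> {hits or 'no match'}")
```

On the device itself, the ASA `test regex` command checks a single input string against a single pattern.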

New Member

Re: ASA 5510 http filtering with regex

Thanks for the help.
Actually, it does not block some of the websites.
I have a big regex class map, and some of the websites from that class map aren't blocked.
I did the configuration from that example:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
What can be the problem?
ASA Software version is 8.2(1).


New Member

Re: ASA 5510 http filtering with regex

Hi,

I have tested your configuration, and I want to block MP3 files, but your configuration failed.

Can you tell me what I am missing?

Cisco Employee

Re: ASA 5510 http filtering with regex

What config are you using? Can you post your class-maps, policy-map and regexes?

PK

New Member

Re: ASA 5510 http filtering with regex

New Member

Re: ASA 5510 http filtering with regex

Hi Giorgi,

Thanks, I think I forgot to write the letter 's' in class-map type inspect http match-any File_Exstensions, which is why nothing worked.

Once more, thank you so much, Giorgi.
