Community Member

ASA - Inspecting HTTP traffic to URL

I'm trying to block access to lycos.com and doing it this way, but it's not working:

regex regex_lycos "www.lycos.com"
class-map cmap_test
class-map type regex match-any cmap_regex1
 match regex regex_lycos
class-map type inspect http match-all http_traffic
 match request uri regex class cmap_regex1
!
policy-map type inspect http pmap_http
 parameters
 class http_traffic
  reset log
policy-map pmap3
 class cmap_test
  inspect http pmap_http
!
service-policy pmap3 interface inside
service-policy pmap3 interface outside

Here is the output of my 'show service-policy' commands after going to lycos.com. The connection was allowed and nothing was blocked.

H(config)# sh service-policy int inside

Interface inside:
  Service-policy: pmap3
    Class-map: cmap_test
      Inspect: http pmap_http, packet 0, drop 0, reset-drop 0

H(config)# sh service-policy int ou

Interface outside:
  Service-policy: pmap3
    Class-map: cmap_test
      Inspect: http pmap_http, packet 0, drop 0, reset-drop 0

2 REPLIES
Silver

Re: ASA - Inspecting HTTP traffic to URL

The enhanced HTTP inspection feature, which is also known as an application firewall and is available when you configure an HTTP map, can help prevent attackers from using HTTP messages for circumventing network security policy.

Refer to this link:

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/inspect.html#wp1431359

Community Member

Re: ASA - Inspecting HTTP traffic to URL

Hi,

Try replacing the following command,

regex regex_lycos "www.lycos.com"

with

regex regex_lycos "w{3}\.lycos\.com"

Rate it if it helps.

Regards,

Sridhar.
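
An added example, not part of the original thread and not taken from either reply: the 'show service-policy' counters in the question read packet 0, so no traffic reached the HTTP inspection at all, and a site's hostname travels in the HTTP Host header rather than in the request URI. The configuration below gives the Layer 3/4 class a match statement and compares the regex against the Host header. Assumptions: `match port tcp eq 80` and `match request header host regex class` are ASA commands that do not appear in the thread, and every object name except regex_lycos is hypothetical.

```cisco
! Added example; object names other than regex_lycos are hypothetical.
! Pattern taken from the reply above; dots are escaped so they match literally.
regex regex_lycos "w{3}\.lycos\.com"
!
class-map type regex match-any cmap_regex_hosts
 match regex regex_lycos
!
! Layer 3/4 class: selects which connections are handed to HTTP inspection.
! The cmap_test class posted in the question shows no match statement.
class-map cmap_http_port
 match port tcp eq 80
!
! Layer 7 class: test the regex against the Host header, which carries
! the site name, instead of the request URI, which carries the path.
class-map type inspect http match-all cmap_http_host
 match request header host regex class cmap_regex_hosts
!
policy-map type inspect http pmap_http_block
 parameters
 class cmap_http_host
  reset log
!
policy-map pmap_inside
 class cmap_http_port
  inspect http pmap_http_block
!
! Applied where the client connections enter the firewall.
service-policy pmap_inside interface inside
!
! Check: the Inspect line should now count packets, and reset-drop
! should increase after a request to the blocked host.
! show service-policy interface inside
```

HTTP inspection only sees cleartext HTTP, so requests to the same site over HTTPS are not matched by this policy.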
