Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1377
Views
0
Helpful
5
Replies

ASA rate limit certain websites

dan.letkeman
Level 4
Level 4

‎01-14-2012 01:22 PM - edited ‎03-11-2019 03:14 PM

Hello,

Is there a way with the ASA to rate limit certain websites?  Match using regex but rate limit only those matches?

For example if I wanted to rate limit youtube, could I match youtube in a regex statement and then inspect http and only rate limit youtube and not the rest of the http traffic?

When I set the rate limit it allways seems to rate-limit whatever I am inspecting, eg http in general.

Or should I look at doing this on my router instead?

Thanks,

Dan.

1 person had this problem
Labels:
0 Helpful
5 Replies 5

andrew.prince
Level 10
Level 10

‎01-15-2012 01:55 AM

see the below URL for the definition of specific web site urls in regular expressions

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

Sent from Cisco Technical Support iPad App

0 Helpful

dan.letkeman
Level 4
Level 4
In response to andrew.prince

‎01-15-2012 09:20 AM

Andrew,

I have read countless examples of using regex on the ASA.  I have some cases already in use and I understand how it works.  But none of the examples I have read can answer my question.

As you can see in the link you provided, the action is always set when you add the http inspection to the class map.  The options are drop, reset or log.  This in no way gives you the abilty to rate-limit the website or domain name, it only gives you the abitlity to block it.

Dan.

0 Helpful

andrew.prince
Level 10
Level 10
In response to dan.letkeman

‎01-15-2012 10:15 AM

Dan,

OK - I forwarded that particular example as the way I look at it, it tells me:-

1) How to configrure RegEx

2) How to configure a specific URL to perform an action (it just happens in this example it's a block action)

3) Assign it to a class map

Once you have it in a class map, you are almost there - in theory (I have not tried this) but since you will have a class map, you should be able to assign it to a QoS policy map, rate limiting the amount of traffic?

See the below example of a QoS Rate Limit

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml

Andrew.

0 Helpful

Philip Straatsma
Level 1
Level 1

‎06-01-2016 05:45 AM

I am wondering if you ever came up with a solution for your URL-based rate limiting problem?

0 Helpful

Sheraz.Salim
VIP
VIP

‎06-01-2016 08:28 AM

youtube is https not http. I beleive you cant rete limit it.

please do not forget to rate.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card