Cisco Support Community

New Member

MPF - block social sites

ASA5505 running 8.0(4)

I added this code and it blocks the social sites as required.
It also blocks http://travel.state.gov in particular and possibly others per my customer.

Can you help me to see my error?

!
regex domainlist2 "\.myspace\.com"
regex domainlist3 "\.youtube\.com"
regex domainlist4 "\.facebook\.com"
regex domainlist5 "\.twitter\.com"
regex applicationheader "application/.*"
regex contenttype "Content-Type"
!
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
!
class-map type regex match-any DomainBlockList
 match regex domainlist2
 match regex domainlist3
 match regex domainlist4
 match regex domainlist5
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
class-map type inspect http match-all AppHeaderClass
 match response header regex contenttype regex applicationheader
class-map httptraffic
 match access-list inside_mpc
!
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 class AppHeaderClass
  drop-connection log
 match request method connect
  drop-connection log
 class BlockDomainsClass
  reset log
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
!
service-policy inside-policy interface inside
!

Phil


Accepted Solutions
Cisco Employee

Re: MPF - block social sites

Hi Phil,

It looks like the AppHeaderClass class is preventing you from reaching http://travel.state.gov. I did a quick capture and see that the web server's responses contain a bunch of references to:

Content-Type: application/javascript

This would be matched by the regex you have configured. Try adjusting/removing that class and the connection should go through.

Hope that helps

-Mike
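
The diagnosis above can be reproduced offline before changing the firewall. The following is an added example, not part of the original thread and not Cisco code: it runs the regexes from the posted configuration against constructed sample traffic and reports which inspect class would act. Assumptions: Python's `re.search` stands in for the ASA regex matcher (adequate for these simple patterns), and `NARROWED_HEADER`, `SAMPLES` and `downloads.example.com` are hypothetical.

```python
import re

# Regexes copied from the configuration in the post.
DOMAIN_BLOCK_LIST = [r"\.myspace\.com", r"\.youtube\.com",
                     r"\.facebook\.com", r"\.twitter\.com"]
CONTENT_TYPE = r"Content-Type"          # regex contenttype
APPLICATION_HEADER = r"application/.*"  # regex applicationheader

# Hypothetical narrower value pattern (assumption: only binary downloads
# were meant to be dropped; the thread does not say what was intended).
NARROWED_HEADER = r"application/(octet-stream|x-msdownload)"


def matching_classes(host, response_headers, value_regex=APPLICATION_HEADER):
    """Return the inspect class-maps from the post that would match.

    re.search models an unanchored match; this is an approximation of the
    ASA matcher that holds for the simple patterns used here.
    """
    hits = []
    if any(re.search(p, host) for p in DOMAIN_BLOCK_LIST):
        hits.append("BlockDomainsClass")
    if any(re.search(CONTENT_TYPE, name) and re.search(value_regex, value)
           for name, value in response_headers):
        hits.append("AppHeaderClass")
    return hits


# Constructed sample traffic: (Host header, response headers).
SAMPLES = [
    ("travel.state.gov", [("Content-Type", "application/javascript")]),
    ("travel.state.gov", [("Content-Type", "text/html")]),
    ("www.facebook.com", [("Content-Type", "text/html")]),
    ("downloads.example.com", [("Content-Type", "application/octet-stream")]),
]


def audit(value_regex=APPLICATION_HEADER):
    """Map each sample to the classes that would act on it."""
    return [(host, hdrs[0][1], matching_classes(host, hdrs, value_regex))
            for host, hdrs in SAMPLES]


if __name__ == "__main__":
    for label, rx in (("as posted", APPLICATION_HEADER),
                      ("narrowed", NARROWED_HEADER)):
        print(label)
        for host, ctype, hits in audit(rx):
            print(f"  {host:24} {ctype:26} -> {hits or 'allowed'}")
```

With the posted pattern, the `application/javascript` response from travel.state.gov hits `AppHeaderClass` even though the host is not on the domain list; with the narrowed pattern only the `application/octet-stream` sample does.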

New Member

Re: MPF - block social sites

Mike,

Thanks for the reply.  That did the trick.  My problem is I'm not a MicroSquish person - that dates me as it is - so I did not know where to start.  I'll delve more into MPF because I know I need it for much more too.

Phil
