Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

URL filtering in CISCO ASASM2 ver 8.5

Hello,

can any 1 tell me how to block url like facebook.com or gmail.com through asa

I have cisco ASASM2 which is running on ver 8.5

How can i block those url with ASASM.

Thanks in advance

Khem

2 REPLIES
Silver

URL filtering in CISCO ASASM2 ver 8.5

Looking at the command reference of the ASASM it does not seem as if it supports regex filtering it only does it with Websense and N2H2

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration85/guide/access_filter.html

Value our effort and rate the assistance!
New Member

URL filtering in CISCO ASASM2 ver 8.5

Hello

under

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration85/guide/inspect_basic.html#wp1514315

under

Configuring Application Inspection

          Configuring Inspection of Basic Internet Protocols

                         HTTP Inspection

just above of "ICMP Inspection" you will find the following example

hostname(config)# regex url1 "www\.xyz.com/.*\.asp"

hostname(config)# regex url2 "www\.xyz[0-9][0-9]\.com"

hostname(config)# regex get "GET"

hostname(config)# regex put "PUT"

hostname(config)# class-map type regex match-any url_to_log

hostname(config-cmap)# match regex url1

hostname(config-cmap)# match regex url2

hostname(config-cmap)# exit

hostname(config)# class-map type regex match-any methods_to_log

hostname(config-cmap)# match regex get

hostname(config-cmap)# match regex put

hostname(config-cmap)# exit

hostname(config)# class-map type inspect http http_url_policy

hostname(config-cmap)# match request uri regex class url_to_log

hostname(config-cmap)# match request method regex class methods_to_log

hostname(config-cmap)# exit

hostname(config)# policy-map type inspect http http_policy

hostname(config-pmap)# class http_url_policy

hostname(config-pmap-c)# log

Perhaps, it can provide you an idea, in order to modify in a suitable way for you.

100
Views
0
Helpful
2
Replies