Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

CSA MC block website

We have CSA MC v5.2 and CSA agent on all PC, is there any way to define policy to block certain website, like youtube or facebook etc. while blocking, can this be done by name instead of IP address?



Re: CSA MC block website

Hi Guy,

You should consider a proxy or a product like Websense if you want to block certain websites.

Let CSA concentrate on what it does best: protecting your assets from worms and viruses. It does a magnificent job of correlating the behavior of your end systems. Your host-based intrusion protection systems like CSA should only be tasked to monitor things like file and memory access, process behavior, and access to shared libraries.

Block websites at the perimeter, or as close to the perimeter as possible and don't overload your workstations and servers with processes better performed by other devices.

Hope this helps.


New Member

Re: CSA MC block website

200% agree on your point.

however, you did not answer my question.


Re: CSA MC block website

Data sets are variables that you can use as data access control rules. These sets are sets of strings that you can group together. Their only purpose is to be matched against the Uniform Resource Identifier (URI) in HTTP requests

Choose Configuration > Variables > Data Sets.

then you can make the data set with URI u want to match with a rule that applied to all http requests from ur inside to any as outside

if u have ASA/PX do it there

if u dont know how tell me i can help u

good luck

please, Rate if helpful

New Member

Re: CSA MC block website

Please give more detailed steps, I did not see how to make the data set with URL


Re: CSA MC block website

the mentioned above not URL it is uri which is part from a URL


so the /info/books/ csan be considered as a uri

u just need to know how to make a data set

which should be like the above example

try to make it like



not sure but try like the above ways

dont forget on ur rule to make the right rource and destination IPs

good luck mate

Rate if helpful

CreatePlease to create content