Cisco Support Community

How to deny web traffic with REGEX.


This document shows how to deny any web traffic destined for the web server that has the word "CMD" anywhere in the URL.


1. Create a Regex

regex CMD "CMD"

2. Create a policy-map of type inspect http that references the regex created in step 1, with the action "reset"

policy-map type inspect http URL
 match request uri regex CMD
  reset

3. Create an access-list with source as any and destination as Web Server

access-list HTTP-S permit tcp any host <web-server-ip> eq 80

4. Create a new class-map and call the access-list

class-map HTTP-S
 match access-list HTTP-S

5. Now under global_policy, call the class map with action to inspect.

policy-map global_policy
 class HTTP-S
  inspect http URL

Assuming that the service policy is already applied globally, the ASA will now block any web traffic that has the keyword "CMD" in the URL.
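ASA regex matching is case-sensitive, so the regex from step 1 catches "CMD" but not "cmd" or "Cmd". The following added example (not part of the original document) checks both forms with the ASA's `test regex` command and defines a variant that matches any letter case and logs each reset; the names CMD-ANYCASE and URL-ANYCASE and the sample URL paths are hypothetical.

```cisco
! Added example. CMD-ANYCASE, URL-ANYCASE and the sample paths are
! hypothetical names constructed for illustration.
!
! Dry-run the patterns against constructed URL paths before attaching
! them to a policy. "CMD" is tested against an uppercase and a lowercase
! path; the bracketed pattern is tested against the lowercase path.
test regex /scripts/CMD.exe "CMD"
test regex /scripts/cmd.exe "CMD"
test regex /scripts/cmd.exe "[Cc][Mm][Dd]"
!
! Regex that matches the token in any letter case.
regex CMD-ANYCASE "[Cc][Mm][Dd]"
!
! Same inspection policy as in step 2, using the any-case regex and
! logging each connection that is reset.
policy-map type inspect http URL-ANYCASE
 match request uri regex CMD-ANYCASE
  reset log
!
! After the policy is applied, confirm that HTTP inspection is attached
! and watch its counters while sending a test request.
show service-policy inspect http
```

To use the variant, reference URL-ANYCASE instead of URL in the `inspect http` line of step 5.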

Version history
Revision #: 1 of 1
Last update: 04-25-2011 12:38 AM