Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to deny web traffic with REGEX.

Issue:


How to deny any web traffic that has the word "CMD" anywhere in the URL coming towards this server.


Resolution:


1. Create a Regex


Regex CMD “CMD”


2. Create a policy-map type for HTTP traffic and call the regex that was created in step one with action as "reset"


policy-map type inspect HTTP URL
match request URI regex CMD
   reset


3. Create an access-list with source as any and destination as Web Server


access-list HTTP-S permit tcp any host 192.168.1.10 eq 80


4. Create a new class-map and call the access-list


class HTTP-S
match access-list HTTP-S


5. Now under global_policy, call the class map with action to inspect.


policy-map global_policy
class HTTP-S
   inspect http URL

Assuming that Service policy is already assigned globally, any web traffic that has keyword "CMD" in the URL will be blocked by the ASA now.

Version history
Revision #:
1 of 1
Last update:
‎04-25-2011 12:38 AM
Updated by:
 
Labels (1)
Everyone's tags (5)