MPF - Not Working

What have I done wrong? See code below

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

regex BLOCKED_DOMAIN_1 "\facebook.\com"

access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS extended permit tcp any any eq http

class-map type regex match-any CLASS_MAP_BLOCKED_DOMAIN_LIST
  match regex BLOCKED_DOMAIN_1

class-map type inspect http match-all CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
  match request header host regex class CLASS_MAP_BLOCKED_DOMAIN_LIST

class-map CLASS_MAP_HTTP_TRAFFIC
  match access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS

policy-map type inspect http POLICY_MAP_HTTP_INSPECTION
  parameters
    protocol-violation action drop-connection
  match request method connect
    drop-connection log
  class CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
    reset log

policy-map POLICY_MAP_INSIDE_INTERFACE
  class CLASS_MAP_HTTP_TRAFFIC
    inspect http POLICY_MAP_HTTP_INSPECTION

service-policy POLICY_MAP_INSIDE_INTERFACE interface inside

Last update: 10-05-2009 05:59 AM
Comments
New Member

Can you check with this:

regex BLOCKED_DOMAIN_1 "www.facebook.com"

access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS extended permit tcp any any eq http

class-map type regex match-any CLASS_MAP_BLOCKED_DOMAIN_LIST
  match regex BLOCKED_DOMAIN_1

class-map type inspect http match-all CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
  match request header host regex class CLASS_MAP_BLOCKED_DOMAIN_LIST

class-map CLASS_MAP_HTTP_TRAFFIC
  match access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS

policy-map type inspect http POLICY_MAP_HTTP_INSPECTION
  parameters
  class CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
    drop-connection log

policy-map POLICY_MAP_INSIDE_INTERFACE
  class CLASS_MAP_HTTP_TRAFFIC
    inspect http POLICY_MAP_HTTP_INSPECTION

service-policy POLICY_MAP_INSIDE_INTERFACE interface outside

Thanks,

AR

New Member

Thanks Aniket - I will try that. I did get it working on the global policy - see my website here http://www.petenetlive.com/TecBin/KB/0000054.htm - but even TAC could not get my original code to work.

I will try that out on the test rig and get back to you.

New Member

Hi Aniket

Sorry for the delay - that worked like a charm.

Just in case anyone searches this and wants both working examples:

On the Global Policy
-------------------------------------------------

regex domainlist1 "facebook.com"
class-map type regex match-any DomainBlockList
  match regex domainlist1
class-map type inspect http match-all BlockDomainsClass
  match request header host regex class DomainBlockList
policy-map type inspect http http_inspection_policy
  class BlockDomainsClass
    reset log
policy-map global_policy
  class inspection_default
    inspect http http_inspection_policy
service-policy global_policy global
----------------------------------------------


With its own policy

-----------------------------------------------
regex BLOCKED_DOMAIN_1 "www.facebook.com"
access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS extended permit tcp any any eq http
class-map type regex match-any CLASS_MAP_BLOCKED_DOMAIN_LIST
  match regex BLOCKED_DOMAIN_1
class-map type inspect http match-all CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
  match request header host regex class CLASS_MAP_BLOCKED_DOMAIN_LIST
class-map CLASS_MAP_HTTP_TRAFFIC
  match access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS
policy-map type inspect http POLICY_MAP_HTTP_INSPECTION
  parameters
  class CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
    drop-connection log
policy-map POLICY_MAP_OUTSIDE_INTERFACE
  class CLASS_MAP_HTTP_TRAFFIC
    inspect http POLICY_MAP_HTTP_INSPECTION
service-policy POLICY_MAP_OUTSIDE_INTERFACE interface outside
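As an added illustration (not from the thread, and not Cisco code), here is a small Python model of what the "match request header host regex class" clause does, run against a few constructed HTTP requests. It shows why the original regex "\facebook.\com" could never match: ASA regex syntax, like Python's, treats \f as a form-feed escape, so the pattern starts with a byte no Host header contains (Python additionally refuses the later \c as an unknown escape, so only the form-feed prefix is used in the demo, which is enough, since an unmatchable prefix makes the whole pattern unmatchable). It also shows a caveat that applies to both working configs above: with the dots unescaped and nothing anchoring the pattern, "facebook.com" also matches hosts such as notfacebook.com. The anchored pattern (^|\.)facebook\.com$ is my own suggestion for a tighter block-list entry, not something the thread proposes, and the sample requests are constructed for the example.

```python
import re

# Constructed sample requests (not from the thread): the request line and
# headers an ASA "inspect http" policy would examine.
SAMPLE_REQUESTS = {
    "facebook":  b"GET / HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: demo\r\n\r\n",
    "lookalike": b"GET / HTTP/1.1\r\nHost: www.facebookXcom\r\n\r\n",
    "suffix":    b"GET / HTTP/1.1\r\nHost: notfacebook.com\r\n\r\n",
    "other":     b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "no_host":   b"GET / HTTP/1.0\r\n\r\n",
}

# The OP's regex began "\facebook...".  "\f" is a form-feed escape in ASA
# regex syntax and in Python, so the pattern can only match a host value that
# starts with a form-feed byte.  Python rejects the OP's later "\c" escape, so
# only this prefix is used; a prefix that cannot match already decides it.
BROKEN_PREFIX = r"\facebook"
# The accepted fix from the thread: an unescaped "." matches any character.
ACCEPTED = r"www.facebook.com"
# The regex used on the global policy in the thread.
GLOBAL_POLICY = r"facebook.com"
# Tighter form (my suggestion, not from the thread): literal dots, and the
# domain anchored to the end of the host so "notfacebook.com" does not match.
TIGHT = r"(^|\.)facebook\.com$"


def host_header(raw: bytes):
    """Return the Host header value (lower-cased, trailing :port removed),
    or None when the request carries no Host header.  This is the value the
    'match request header host' clause inspects."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return re.sub(r":\d+$", "", value.strip().lower())
    return None


def regex_class_matches(host: str, patterns) -> bool:
    """Emulate 'class-map type regex match-any': the class matches when ANY
    listed regex is found anywhere in the value (unanchored search, which is
    also how the ASA applies a regex unless you anchor it with ^ or $)."""
    return any(re.search(p, host) for p in patterns)


def http_inspection_action(raw: bytes, patterns) -> str:
    """Decision of the inspect-http policy-map: 'reset' when the Host header
    hits the block-list class, otherwise 'allow'."""
    host = host_header(raw)
    if host is None:
        return "allow"          # nothing for the header match to examine
    return "reset" if regex_class_matches(host, patterns) else "allow"


def evaluate(patterns):
    """Run every sample request through the policy; map name -> action."""
    return {name: http_inspection_action(raw, patterns)
            for name, raw in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for label, pats in (("broken prefix", [BROKEN_PREFIX]),
                        ("accepted", [ACCEPTED]),
                        ("global policy", [GLOBAL_POLICY]),
                        ("tight", [TIGHT])):
        print(f"{label:14s} {evaluate(pats)}")
```

Running it shows the broken prefix allowing everything, the thread's two working regexes resetting the real facebook.com request but also the lookalike or the notfacebook.com suffix, and the anchored pattern resetting only the intended host. When you add entries to a block list like this, escape the dots and anchor the domain, and check the ASA's own syslog output for the reset/drop-connection log messages to confirm the class is actually being hit.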