Cisco Support Community

Getting problem in HTTPS URL Filtering by ASA 5505 IOS 8.3 (2)

Hi friends, I am Rasbihari Acharya. I am not an expert in the firewall, i.e. security, domain, but I always try my cent percent to complete the project which is assigned to me. My current project is to block all unauthorized (http / https) websites except some particular company-authorized websites like airtel.com, airtel.in, yyy.com etc. in our network with the help of ASA 5505/5510, ASA IOS 8.3 (2). When I tried to do this I was successful, but the problem is that some pre-enabled https sites like https://facebook.com, in.linkedin, gmail.com are not dropped by the policy. When I access facebook / gmail / linkedin without HTTPS it is dropped by the policy, but it is not dropped with https. This is what is configured, so please check my configuration mentioned below and please suggest.


regex allowex1 ".xxx\.com"
regex allowex2 ".yyy\.com"
regex allowex3 "airtel\.com"
regex allowex4 "airtel\.in"
!
!
access-list user-acl permit tcp any any eq www
access-list user-acl permit tcp any any eq https

or

no access-list user-acl permit tcp any any eq https // (Same situation)

!
!
class-map type inspect http match-all allow-url-class
 match not request header host regex allowex1
 match not request header host regex allowex2
 match not request header host regex allowex3
 match not request header host regex allowex4
!
class-map allow-user-class
 match access-list user-acl
!
policy-map type inspect http allow-url-policy
 parameters
 class allow-url-class
  drop-connection
!
policy-map allow-user-url-policy
 class allow-user-class
  inspect http allow-url-policy
service-policy allow-user-url-policy interface inside
!

Thanks in advance ...

Thanks ...

Rasbihari Acharya

09873088689
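
Added example, not part of the original post and not Cisco code: a simplified Python model of the posted allow-url-class (match-all over four "match not ... host regex" lines), run over cleartext HTTP requests and over the TLS records a firewall sees on port 443. It assumes Python's re module behaves like the ASA regex engine for these four patterns; the function names and sample payloads are constructed for illustration.

```python
import re

# Allow-list regexes copied from the posted configuration.
ALLOW = [r".xxx\.com", r".yyy\.com", r"airtel\.com", r"airtel\.in"]


def host_header(payload: bytes):
    """Return the Host header of a cleartext HTTP request, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    # A request line looks like b"GET / HTTP/1.1"; TLS records do not.
    if not re.fullmatch(rb"[A-Z]+ \S+ HTTP/1\.[01]", lines[0]):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None


def policy_action(payload: bytes) -> str:
    """Model of allow-url-class: match-all over four 'match not' lines."""
    host = host_header(payload)
    if host is None:
        return "pass (no Host header visible)"
    # Every 'match not' must hold, i.e. no allow-list regex may match.
    if all(re.search(rx, host) is None for rx in ALLOW):
        return "drop-connection"
    return "pass (allow-listed)"


# Constructed sample payloads (not captured traffic).
HTTP_BLOCKED = b"GET / HTTP/1.1\r\nHost: facebook.com\r\n\r\n"
HTTP_ALLOWED = b"GET / HTTP/1.1\r\nHost: www.airtel.in\r\n\r\n"
# First bytes a firewall sees on port 443: a TLS handshake record, then
# encrypted application-data records that carry the real HTTP request.
TLS_HANDSHAKE = b"\x16\x03\x01\x00\x04\x01\x00\x00\x00"
TLS_APPDATA = b"\x17\x03\x03\x00\x08" + bytes(range(8))

if __name__ == "__main__":
    for label, data in [("http facebook.com", HTTP_BLOCKED),
                        ("http www.airtel.in", HTTP_ALLOWED),
                        ("https handshake", TLS_HANDSHAKE),
                        ("https app data", TLS_APPDATA)]:
        print(f"{label:20} -> {policy_action(data)}")
```

In this model the HTTPS payloads never reach the regex comparison, because the Host header travels inside the encrypted records, which matches the behaviour reported in the post.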
