BarepAssets
Filtering User urls using the pix + regex
Hi,
I want to filter a handful of websites on the PIX using regex. In the example below I am trying to filter www.bebo.com. Can an expert please check the code and tell me how to finish it off to apply it to an interface? I tried using service-policy MY_HTTP_MAP interface "name of interface" and it gives an error saying it can be applied to service policy command.
The commands are as follows:
PIX1# config t
PIX1(config)# regex URL_BEBO "+bebo\.com"
PIX1(config)# class-map type regex match-any Restricted_URLS
PIX1(config-cmap)# match regex URL_BEBO
PIX1(config-cmap)# class-map type inspect http match-all Restricted_HTTP
PIX1(config-cmap)# match request uri regex class Restricted_URLS
PIX1(config-cmap)# match request method propfind
PIX1(config-cmap)# policy-map type inspect http MY_HTTP_MAP
PIX1(config-pmap)# class Restricted_HTTP
PIX1(config-pmap-c)# reset log
PIX1(config-pmap-c)#
ASKER
Hi,
Thanks for the response. It still does not seem to be filtering the website, though. Any other ideas?
Thanks
Where is bebo.com, inside or outside?
harbor235 ;}
ASKER
It is an internet site outside, but my firewall is similar to a departmental firewall. We are not at the internet access point; we access the internet via a proxy at the headquarters site.
Remember, traffic flowing from a trusted network (inside) to the outside is allowed. The inspection piece is from untrusted to trusted.
If you want to block access to a site, shun it
fw(config)# shun 208.75.184.192
harbor235 ;}
oops,
fw(config)# shun 208.75.184.192 0 0 0
harbor235 ;}
ASKER
I am not too sure it will work. bebo.com has multiple different IPs when I ping, not just 208.75.184.192.
ASKER CERTIFIED SOLUTION
config t
regex URL_BEBO "bebo\.com"
policy-map type inspect http Restricted_URLS
 parameters
 match request uri regex URL_BEBO
  drop-connection log
! global_policy is the existing active policy, be careful
policy-map global_policy
 ! inspection_default is the existing active class, be careful
 class inspection_default
  inspect http Restricted_URLS
harbor235 ;}
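
The following is an added example, not part of any post in this thread: a small Python model of the two matching policies, run over constructed requests, showing why the `match-all` class-map in the question (URI regex plus `match request method propfind`) lets ordinary GET requests through while the single URI match in the accepted answer does not. It assumes Python's `re` as a stand-in for the firewall's regex engine, uses the answer's `bebo\.com` pattern for both policies to isolate the `match-all` effect, and all function and variable names are hypothetical.

```python
import re

# Constructed sample requests: (method, request-target as sent on the wire).
# A browser behind a forward proxy sends the absolute URL as the target.
REQUESTS = [
    ("GET", "http://www.bebo.com/Profile.jsp"),    # browser via proxy
    ("PROPFIND", "http://www.bebo.com/dav/"),      # WebDAV client via proxy
    ("GET", "http://www.example.org/index.html"),  # unrelated site
    ("GET", "/Profile.jsp"),                       # direct request: host only in Host header
]

URL_BEBO = re.compile(r"bebo\.com")  # pattern from the accepted answer


def uri_matches(method, uri):
    """Model of 'match request uri regex': unanchored search in the target."""
    return URL_BEBO.search(uri) is not None


def method_is_propfind(method, uri):
    """Model of 'match request method propfind'."""
    return method.upper() == "PROPFIND"


# Question: class-map ... match-all with two match lines (both must hold).
QUESTION_POLICY = [uri_matches, method_is_propfind]
# Accepted answer: one URI match carrying the drop action.
ANSWER_POLICY = [uri_matches]


def blocked(policy, method, uri):
    """A request is acted on only if every condition in the policy matches."""
    return all(cond(method, uri) for cond in policy)


def evaluate(policy):
    """Return one True/False (blocked or not) per constructed request."""
    return [blocked(policy, m, u) for m, u in REQUESTS]


if __name__ == "__main__":
    for name, policy in (("question", QUESTION_POLICY), ("answer", ANSWER_POLICY)):
        for (m, u), hit in zip(REQUESTS, evaluate(policy)):
            print(f"{name:9}{m:9}{u:38}{'BLOCK' if hit else 'pass'}")
```

The last constructed request shows the limit of a URI-only match: when clients are not behind a proxy the request-target is a relative path, so a hostname pattern has nothing to match in it.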