Solved

Filtering user URLs using the PIX + regex

Posted on 2008-10-21
Last Modified: 2013-11-16
Hi,
   I want to filter a handful of websites on the PIX using regex. In the example below I am trying to filter www.bebo.com. Can an expert please check the code and tell me how to finish it off and apply it to an interface? I tried using service-policy MY_HTTP_MAP interface "name of interface" and it gives an error saying it can be applied to service policy command.

The commands are as follows:

PIX1# config t
PIX1(config)# regex URL_BEBO "+bebo\.com"
PIX1(config)# class-map type regex match-any Restricted_URLS
PIX1(config-cmap)# match regex URL_BEBO
PIX1(config-cmap)# class-map type inspect http match-all Restricted_HTTP
PIX1(config-cmap)# match request uri regex class Restricted_URLS
PIX1(config-cmap)# match request method propfind
PIX1(config-cmap)# policy-map type inspect http MY_HTTP_MAP
PIX1(config-pmap)# class Restricted_HTTP
PIX1(config-pmap-c)# reset log
PIX1(config-pmap-c)#  
Question by:BarepAssets
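Added example (not from the thread and not Cisco's own sample): one way to finish the configuration in the question so that the HTTP inspection map reaches an interface, by referencing it from a Layer 3/4 policy map and attaching that map with service-policy. It assumes PIX/ASA 7.2 or later Modular Policy Framework syntax, cleartext HTTP on TCP port 80 and an interface named inside; HTTP_TRAFFIC and INSIDE_HTTP_POLICY are names invented here, and the Host header is matched rather than the URI.

```cisco
! Added example; assumes PIX/ASA 7.2+ MPF syntax and HTTP on TCP/80.
! HTTP_TRAFFIC and INSIDE_HTTP_POLICY are hypothetical names.

! 1. Regex and regex class map (names taken from the question).
regex URL_BEBO "bebo\.com"
class-map type regex match-any Restricted_URLS
 match regex URL_BEBO

! 2. HTTP inspection class: match the Host header against the regex class.
!    With match-all, every match line must hit, so a second line such as
!    "match request method propfind" would limit the class to PROPFIND requests.
class-map type inspect http match-all Restricted_HTTP
 match request header host regex class Restricted_URLS

! 3. HTTP inspection policy map: reset and log matching requests.
policy-map type inspect http MY_HTTP_MAP
 parameters
 class Restricted_HTTP
  reset log

! 4. Layer 3/4 class map selecting the traffic to hand to HTTP inspection.
class-map HTTP_TRAFFIC
 match port tcp eq 80

! 5. Layer 3/4 policy map: the inspection map is referenced here,
!    not passed to service-policy directly.
policy-map INSIDE_HTTP_POLICY
 class HTTP_TRAFFIC
  inspect http MY_HTTP_MAP

! 6. Attach the Layer 3/4 policy map to the interface.
service-policy INSIDE_HTTP_POLICY interface inside

! Check hit counters with: show service-policy interface inside
```

HTTP inspection only sees cleartext requests, so HTTPS connections to the site are not matched by this policy. If clients reach the web through a proxy on another port, the port in HTTP_TRAFFIC has to match that port instead.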
8 Comments
 
LVL 32

Expert Comment

by:harbor235
ID: 22777395
Try this: save your config, then try the following commands. Do not save; if there is a problem you can reboot.

config t
regex URL_BEBO "bebo\.com"
policy-map type inspect http Restricted_URLS
parameters
match request uri regex URL_BEBO
drop-connection log

policy-map global_policy    (existing active policy be careful)
class inspection_default    (existing active policy be careful)
inspect http Restricted_URLS

harbor235 ;}
0
 

Author Comment

by:BarepAssets
ID: 22784525
Hi,
   Thanks for the response. It still does not seem to be filtering the website, though. Any other ideas?

Thanks
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22786122


Where is bebo.com, inside or outside?

harbor235 ;}
0

Author Comment

by:BarepAssets
ID: 22786193
It is an internet site outside, but my firewall is similar to a departmental firewall. We are not at the internet access point; we access the internet via a proxy at the headquarters site.
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22786332


Remember, traffic flowing from a trusted network (inside) to the outside is allowed. The inspection piece is from untrusted to trusted.

If you want to block access to a site, shun it

fw(config)# shun 208.75.184.192

harbor235 ;}
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22786410

oops,

fw(config)# shun 208.75.184.192 0 0 0

harbor235 ;}
0
 

Author Comment

by:BarepAssets
ID: 22786608
I am not too sure it will work; bebo.com has multiple different IPs when I ping, not just 208.75.184.192.
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 1500 total points
ID: 22786874


You can shun it or you can add an outbound ACL on the inside interface. Either way you must add an ACL of sorts to block it.

The entire netblock for bebo.com is 208.75.184.0/22.

An outbound ACL applied to the inside interface would block the traffic at its source, which is a better solution from my perspective.

access-list inside deny ip any 208.75.184.0 255.255.252.0
access-list inside permit ip any any
access-group inside in interface inside

harbor235 ;}

0

Question has a verified solution.
