Solved

Filtering User urls using the pix + regex

Posted on 2008-10-21
Last Modified: 2013-11-16
Hi,
   I want to filter a handful of websites on the PIX using regex. In the example below I am trying to filter www.bebo.com. Can an expert please check the code and tell me how to finish off to apply it to the interface? I tried using service-policy MY_HTTP_MAP interface "name of interface" and it gives an error saying it can be applied to the service-policy command.

The commands are as follows:

PIX1# config t
PIX1(config)# regex URL_BEBO "bebo\.com"
PIX1(config)# class-map type regex match-any Restricted_URLS
PIX1(config-cmap)# match regex URL_BEBO
PIX1(config-cmap)# class-map type inspect http match-all Restricted_HTTP
PIX1(config-cmap)# match request uri regex class Restricted_URLS
PIX1(config-cmap)# policy-map type inspect http MY_HTTP_MAP
PIX1(config-pmap)# class Restricted_HTTP
PIX1(config-pmap-c)# reset log
Question by:BarepAssets
8 Comments
 
LVL 32

Expert Comment

by:harbor235
ID: 22777395
Try this: save your config, try the following commands, and do not save; if there is a problem you can reboot.

config t
regex URL_BEBO "bebo\.com"
policy-map type inspect http Restricted_URLS
match request uri regex URL_BEBO
drop-connection log

policy-map global_policy    (existing active policy, be careful)
class inspection_default    (existing active policy, be careful)
inspect http Restricted_URLS

harbor235 ;}
 

Author Comment

by:BarepAssets
ID: 22784525
Hi,
   Thanks for the response. It still does not seem to be filtering the website though. Any other ideas?

Thanks
 
LVL 32

Expert Comment

by:harbor235
ID: 22786122


Where is bebo.com, inside or outside?

harbor235 ;}
 

Author Comment

by:BarepAssets
ID: 22786193
It is an internet site, so outside, but my firewall is similar to a departmental firewall; we are not at the internet access point, we access the internet via a proxy at the headquarters site.
 
LVL 32

Expert Comment

by:harbor235
ID: 22786332


Remember, traffic flowing from a trusted network (inside) to the outside is allowed. The inspection piece is from untrusted to trusted.

If you want to block access to a site, shun it:

fw(config)# shun 208.75.184.192

harbor235 ;}
 
LVL 32

Expert Comment

by:harbor235
ID: 22786410

Oops,

fw(config)# shun 208.75.184.192 0 0 0

harbor235 ;}
 

Author Comment

by:BarepAssets
ID: 22786608
I am not too sure it will work; bebo.com has multiple different IPs when I ping it, not just 208.75.184.192.
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 22786874


You can shun it or you can add an outbound ACL on the inside interface. Either way you must add an ACL of sorts to block it.

The entire netblock for bebo.com is 208.75.184.0/22.

An outbound ACL applied to the inside interface would block the traffic at its source, which is a better solution from my perspective:

access-list inside deny ip any 208.75.184.0 255.255.252.0
access-list inside permit ip any any
access-group inside in interface inside

harbor235 ;}

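As an added illustration, not code from the thread or from Cisco, here is a small Python emulation of the three matching rules the thread discusses: the OP's match-all class with the PROPFIND criterion, harbor235's URI regex, and the outbound ACL on bebo's netblock, run over constructed sample requests; it also shows a Host-header variant (the `match request header host regex` form that PIX 7.x/ASA support but the thread does not use). It assumes the regex exactly as written in the thread and that clients behind the HQ proxy send absolute URIs to the proxy's address, assumed here to be 10.0.0.5.

```python
import re
import ipaddress

# Constructed sample requests (not from the thread), as the firewall would see them.
# A client that reaches the internet directly sends a relative URI and connects to
# bebo's address; a client configured for the HQ forward proxy sends an absolute URI
# and connects to the proxy (assumed here to be 10.0.0.5), never to bebo's address.
SAMPLE_FLOWS = [
    {"dst": "208.75.184.10", "method": "GET",      "uri": "/Profile.jsp?u=1",         "host": "www.bebo.com"},
    {"dst": "10.0.0.5",      "method": "PROPFIND", "uri": "http://www.bebo.com/dav/", "host": "www.bebo.com"},
    {"dst": "10.0.0.5",      "method": "GET",      "uri": "http://www.bebo.com/",     "host": "www.bebo.com"},
    {"dst": "192.0.2.80",    "method": "GET",      "uri": "/news/bebo.com.html",      "host": "www.example.com"},
]

BEBO_NETBLOCK = ipaddress.ip_network("208.75.184.0/22")  # netblock quoted in the accepted answer
BEBO_REGEX = r"bebo\.com"                                # regex URL_BEBO without the stray leading '+'

def acl_denies(flow):
    """access-list inside deny ip any 208.75.184.0 255.255.252.0: a destination-IP test only."""
    return ipaddress.ip_address(flow["dst"]) in BEBO_NETBLOCK

def http_class_matches(flow, uri_regex=None, host_regex=None, methods=None, match_all=True):
    """Emulate class-map type inspect http: match-all needs every criterion, match-any needs one."""
    checks = []
    if uri_regex is not None:   # match request uri regex ...
        checks.append(re.search(uri_regex, flow["uri"]) is not None)
    if host_regex is not None:  # match request header host regex ...
        checks.append(re.search(host_regex, flow["host"]) is not None)
    if methods is not None:     # match request method ...
        checks.append(flow["method"] in methods)
    return all(checks) if match_all else any(checks)

def evaluate(flows):
    """For each flow, report which of the controls discussed in the thread would catch it."""
    return [{
        "op_class":   http_class_matches(f, uri_regex=BEBO_REGEX, methods={"PROPFIND"}),  # OP: match-all + propfind
        "uri_class":  http_class_matches(f, uri_regex=BEBO_REGEX),                        # harbor235: URI regex only
        "host_class": http_class_matches(f, host_regex=BEBO_REGEX),                       # Host-header variant
        "acl":        acl_denies(f),                                                      # accepted answer's ACL
    } for f in flows]

if __name__ == "__main__":
    for f, r in zip(SAMPLE_FLOWS, evaluate(SAMPLE_FLOWS)):
        print(f"{f['method']:8} {f['uri']:30} -> {r}")
```

On these samples the OP's class fires only on the proxied PROPFIND, the URI regex misses the direct request yet flags the unrelated example.com page, and the IP ACL misses every proxied request because the client never connects to bebo's address.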
