
Filtering User urls using the pix + regex

Posted on 2008-10-21
Last Modified: 2013-11-16
Hi,
   I want to filter a handful of websites on the PIX using regex. In the example below I am trying to filter www.bebo.com. Can an expert please check the code and tell me how to finish it off and apply it to an interface? I tried using service-policy MY_HTTP_MAP interface "name of interface" and it gives an error saying it can be applied to service policy command.

The commands are as follows:

PIX1# config t
PIX1(config)# regex URL_BEBO "+bebo\.com"
PIX1(config)# class-map type regex match-any Restricted_URLS
PIX1(config-cmap)# match regex URL_BEBO
PIX1(config-cmap)# class-map type inspect http match-all Restricted_HTTP
PIX1(config-cmap)# match request uri regex class Restricted_URLS
PIX1(config-cmap)# match request method propfind
PIX1(config-cmap)# policy-map type inspect http MY_HTTP_MAP
PIX1(config-pmap)# class Restricted_HTTP
PIX1(config-pmap-c)# reset log
PIX1(config-pmap-c)#  
Question by:BarepAssets
LVL 32

Expert Comment

by:harbor235
ID: 22777395
Try this: save your config, then try the following commands. Do not save; if there is a problem you can reboot.

config t
regex URL_BEBO "bebo\.com"
policy-map type inspect http Restricted_URLS
parameters
match request uri regex URL_BEBO
drop-connection log

! global_policy and inspection_default are the existing active policy; be careful
policy-map global_policy
class inspection_default
inspect http Restricted_URLS

harbor235 ;}
0
 

Author Comment

by:BarepAssets
ID: 22784525
Hi,
   Thanks for the response. It still does not seem to be filtering the website, though. Any other ideas?

thks
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22786122


Where is bebo.com, inside or outside?

harbor235 ;}
0

 

Author Comment

by:BarepAssets
ID: 22786193
It is an internet site outside, but my firewall is similar to a departmental firewall: we are not at the internet access point; we access the internet via a proxy at the headquarters site.
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22786332


Remember, traffic flowing from a trusted network (inside) to the outside is allowed. The inspection piece is from untrusted to trusted.

If you want to block access to a site, shun it:

fw(config)# shun 208.75.184.192

harbor235 ;}



harbor235 ;}
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22786410

Oops,

fw(config)# shun 208.75.184.192 0 0 0

harbor235 ;}
0
 

Author Comment

by:BarepAssets
ID: 22786608
I am not too sure it will work; bebo.com has multiple different IPs when I ping, not just 208.75.184.192.
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 1500 total points
ID: 22786874


You can shun it or you can add an outbound ACL on the inside interface. Either way you must add an ACL of sorts to block it.

The entire netblock for bebo.com is 208.75.184.0/22.

An outbound ACL applied to the inside interface would block the traffic at its source, which is a better solution from my perspective.

access-list inside deny ip any 208.75.184.0 255.255.252.0
access-list inside permit ip any any
access-group inside in interface inside

harbor235 ;}

0
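An added example, not part of the thread or of harbor235's answer: a Python check that a set of addresses observed for a site is actually covered by the ACL netblock, and that renders PIX-style deny lines for any that are not. The sample address list is constructed (192.0.2.x is a documentation range), and the function names are hypothetical.

```python
import ipaddress

# Netblock quoted in the accepted answer above.
ACL_NETBLOCK = ipaddress.ip_network("208.75.184.0/22")

def acl_entry(acl_name, network):
    """Render one deny line in address + netmask form ('host' for a /32)."""
    net = ipaddress.ip_network(str(network), strict=True)
    if net.prefixlen == 32:
        dest = f"host {net.network_address}"
    else:
        dest = f"{net.network_address} {net.netmask}"
    return f"access-list {acl_name} deny ip any {dest}"

def split_by_coverage(addresses, netblock=ACL_NETBLOCK):
    """Separate observed addresses into those inside and outside the netblock."""
    covered, missed = [], []
    for text in addresses:
        ip = ipaddress.ip_address(text)
        (covered if ip in netblock else missed).append(ip)
    return covered, missed

def build_acl(acl_name, addresses, netblock=ACL_NETBLOCK):
    """Deny the netblock plus any observed address it misses, then permit the rest."""
    _, missed = split_by_coverage(addresses, netblock)
    lines = [acl_entry(acl_name, netblock)]
    # collapse_addresses only merges exactly adjacent ranges; it never widens
    # the block to cover addresses that were not observed.
    extra = ipaddress.collapse_addresses(ipaddress.ip_network(str(ip)) for ip in missed)
    lines.extend(acl_entry(acl_name, net) for net in extra)
    lines.append(f"access-list {acl_name} permit ip any any")
    return lines

# Constructed sample: the first address is from the thread, the rest are made up.
OBSERVED = ["208.75.184.192", "208.75.187.10", "192.0.2.54", "192.0.2.55"]

if __name__ == "__main__":
    covered, missed = split_by_coverage(OBSERVED)
    print("covered by ACL:", [str(ip) for ip in covered])
    print("NOT covered   :", [str(ip) for ip in missed])
    print("\n".join(build_acl("inside", OBSERVED)))
```

Feed it the addresses the hostname currently resolves to; any address reported as not covered means the single-netblock ACL would leave the site reachable.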

Question has a verified solution.