Solved

Filtering User urls using the pix + regex

Posted on 2008-10-21
8
512 Views
Last Modified: 2013-11-16
Hi,
   I want to filter a handful of website on the pix using regex the below example i am trying to filter www.bebo.com can expert please check code + tell me how to finish off to apply to interface  i tried using service-polocy MY_HTTP_MAP  interface "name of interface" and it gives an error saying it can be applied to service policy command.

The below commands  is as follows

PIX1# config t
PIX1(config)# regex URL_BEBO "+bebo\.com"
PIX1(config)# class-map type regex match-any Restricted_URLS
PIX1(config-cmap)# match regex URL_BEBO
PIX1(config-cmap)# class-map type inspect http match-all Restricted_HTTP
PIX1(config-cmap)# match request uri regex class Restricted_URLS
PIX1(config-cmap)# match request method propfind
PIX1(config-cmap)# policy-map type inspect http MY_HTTP_MAP
PIX1(config-pmap)# class Restricted_HTTP
PIX1(config-pmap-c)# reset log
PIX1(config-pmap-c)#  
0
Comment
Question by:BarepAssets
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 32

Expert Comment

by:harbor235
ID: 22777395
Try this, save your config, try the following commands, do not save, if there is a problem you can reboot

config t
regex URL_BEBO "bebo\.com"
policy-map type inspect http Restricted_URLS
parameters
match request uri regex URL_bebo
drop-connection-log

policy-map global_policy    (existing active policy be careful)
class inspection_default    (existing active policy be careful)
inspect http Restricted_URLS

harbor235 ;}
0
 

Author Comment

by:BarepAssets
ID: 22784525
Hi,
   Thanks for the response still does not seem to be filtering the website though any other ideas??

thks
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22786122


Where is bebo.com, inside or outside?

harbor235 ;}
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:BarepAssets
ID: 22786193
it is an internet site outside but my firewall is similar to a departmental firewall we are not at the internet access point we access internet via proxy in headquarters site.
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22786332


Remember, traffic flowing from a trusted network (inside) to the outside is allowed. The inspection piece is from untrusted to trusted.

If you want to block access to a site, shun it

fw(confi) shun 208.75.184.192

harbor235 ;}



harbor235 ;}
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22786410

oops,

fw(confi) shun 208.75.184.192 0 0 0

harbor235 ;}
0
 

Author Comment

by:BarepAssets
ID: 22786608
i am not too sure it wil work bebo.com has multiple different ip when i ping not just the 208.75.184.192
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 22786874


You can shun it or you can add an outbound ACL on the inside interface. Eitherway you must add a ACL of sorts to block it.

the entire netblock for bebo.com is 208.75.184.0/22

An outbound ACL applied to the inside interface would block the traffic at it's source which is a better solution from my perspective

access-list inside deny ip any 208.75.184.0 255.255.252.0
access-list inside permit ip any any
access-group inside in interface inside

harbor235 ;}

0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question