Solved

Filtering User urls using the pix + regex

Posted on 2008-10-21
513 Views
Last Modified: 2013-11-16
Hi,
   I want to filter a handful of websites on the PIX using regex. In the example below I am trying to filter www.bebo.com. Can an expert please check the code and tell me how to finish it off to apply it to an interface? I tried using service-policy MY_HTTP_MAP interface "name of interface" and it gives an error saying it can be applied to the service-policy command.

The commands are as follows:

PIX1# config t
PIX1(config)# regex URL_BEBO "+bebo\.com"
PIX1(config)# class-map type regex match-any Restricted_URLS
PIX1(config-cmap)# match regex URL_BEBO
PIX1(config-cmap)# class-map type inspect http match-all Restricted_HTTP
PIX1(config-cmap)# match request uri regex class Restricted_URLS
PIX1(config-cmap)# match request method propfind
PIX1(config-cmap)# policy-map type inspect http MY_HTTP_MAP
PIX1(config-pmap)# class Restricted_HTTP
PIX1(config-pmap-c)# reset log
Question by:BarepAssets
8 Comments
 
LVL 32

Expert Comment

by:harbor235
ID: 22777395
Try this: save your config, then try the following commands, but do not save; if there is a problem you can reboot.

config t
regex URL_BEBO "bebo\.com"
policy-map type inspect http Restricted_URLS
parameters
! regex names are case-sensitive, so the match must use URL_BEBO as defined above
match request uri regex URL_BEBO
! the action keyword is "drop-connection" followed by the separate "log" option
drop-connection log

policy-map global_policy    (existing active policy be careful)
class inspection_default    (existing active policy be careful)
inspect http Restricted_URLS

harbor235 ;}
 

Author Comment

by:BarepAssets
ID: 22784525
Hi,
   Thanks for the response, but it still does not seem to be filtering the website. Any other ideas??

Thanks
 
LVL 32

Expert Comment

by:harbor235
ID: 22786122
Where is bebo.com, inside or outside?

harbor235 ;}

Author Comment

by:BarepAssets
ID: 22786193
It is an internet site (outside), but my firewall is similar to a departmental firewall; we are not at the internet access point, we access the internet via a proxy at the headquarters site.
 
LVL 32

Expert Comment

by:harbor235
ID: 22786332
Remember, traffic flowing from a trusted network (inside) to the outside is allowed. The inspection piece is from untrusted to trusted.

If you want to block access to a site, shun it:

fw(confi) shun 208.75.184.192

harbor235 ;}
 
LVL 32

Expert Comment

by:harbor235
ID: 22786410

oops,

fw(confi) shun 208.75.184.192 0 0 0

harbor235 ;}
 

Author Comment

by:BarepAssets
ID: 22786608
I am not too sure it will work; bebo.com has multiple different IPs when I ping, not just 208.75.184.192.
 
LVL 32

Accepted Solution

by: harbor235 (earned 500 total points)
ID: 22786874

You can shun it, or you can add an outbound ACL on the inside interface. Either way you must add an ACL of sorts to block it.

The entire netblock for bebo.com is 208.75.184.0/22.

An outbound ACL applied to the inside interface would block the traffic at its source, which is a better solution from my perspective:

access-list inside deny ip any 208.75.184.0 255.255.252.0
access-list inside permit ip any any
access-group inside in interface inside

harbor235 ;}
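An added example (not from the thread or from Cisco) that models how the PIX evaluates the outbound ACL in the accepted answer, top-down with first match winning and an implicit deny at the end, against constructed destination addresses that cover the "multiple IPs" concern raised above; the source address 10.1.1.5 and the sample hosts are assumptions.

```python
import ipaddress

# Constructed sample ACL mirroring the accepted answer: a deny for the
# 208.75.184.0/22 netblock (mask 255.255.252.0) followed by permit any.
# PIX/ASA access-lists are evaluated top to bottom; the first matching
# entry wins and an unmatched packet hits the implicit deny at the end.
INSIDE_ACL = [
    ("deny", "ip", "any", "208.75.184.0 255.255.252.0"),
    ("permit", "ip", "any", "any"),
]

def _to_network(spec):
    """Turn 'any' or 'addr mask' (PIX ACL syntax) into an ip_network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, mask = spec.split()
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def evaluate_acl(acl, src, dst):
    """Return (action, index of the matching entry) or ('deny', None)."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for i, (action, _proto, src_spec, dst_spec) in enumerate(acl):
        if src_ip in _to_network(src_spec) and dst_ip in _to_network(dst_spec):
            return action, i
    return "deny", None  # implicit deny at the end of every ACL

def blocked_hosts(acl, src, hosts):
    """Which of the hosts (e.g. the several IPs a site resolves to) are denied."""
    return [h for h in hosts if evaluate_acl(acl, src, h)[0] == "deny"]

if __name__ == "__main__":
    # Constructed destinations: the IP quoted in the thread, two more
    # addresses inside the /22, and one just past its last address.
    sample = ["208.75.184.192", "208.75.185.10", "208.75.187.254", "208.75.188.1"]
    for host in sample:
        print(host, evaluate_acl(INSIDE_ACL, "10.1.1.5", host))
```

The single /22 entry denies every address bebo.com resolves to within that block, which is why one ACL line covers the multiple-IP case that a per-host shun does not.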