Sadikhov IT Certification forums
sco1984

How to block URL's in Cisco ASA 5510 ?


Hello,

I have 1 Cisco ASA 5510 device. It has only the firewall module.

I want to block several URLs.

Any hints on how I can do that?

I tried following the Cisco URL/guide where we need to create URL maps etc. and add an access list. Didn't work. [ Tried in ASDM mode, i.e. GUI ]

Also tried using the regex command. But the ASA says command not found.

Unfortunately I don't have expertise on Cisco, which doesn't use policy-based routing, so I'm in trouble.


It's in the doc honestly

regex domainlist1 "\.yahoo\.com"
regex domainlist2 "\.myspace\.com"
regex domainlist3 "\.youtube\.com"


A Cisco engineer sent me a PDF which had steps on how to block certain URLs using regex. But my ASA throws an error stating that the regex command is not found.


How to check that? I connect to the ASA using PuTTY (version 0.56) to fire those regex commands. In general, via PuTTY it accepts the reload command. I connect using the SSH protocol from PuTTY.

I am not sure how to check sh version on the ASA. Googled but it didn't help.

ASA version: 8.3(1)
ASDM version: 6.3(1)
Device Type: ASA 5510
Firewall Mode: Routed

I have the above info displayed when I run ASDM.


Something like this should work for you, just copy and paste, as I think you may be trying to enter a command at the wrong level.

regex domainlist1 "\.dating\.dk"
regex domainlist2 "\.facebook\.dk"
regex domainlist3 "\.facebook\.com"
!
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
!
class-map type regex match-any DomainBlockList
 match regex domainlist1
 match regex domainlist2
 match regex domainlist3
!
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
class-map inspection_default
 match default-inspection-traffic
class-map httptraffic
 match access-list inside_mpc
!
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 match request method connect
  drop-connection log
 class BlockDomainsClass
  reset log
!
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
!
service-policy inside-policy interface inside


Hello Mark,

Getting an error at the last line.

Please see this screenshot >> hxxp://imageshack.us/photo/my-images/832/asaox.jpg/


You haven't defined your inside and outside interfaces, that's why you get the error.

What can I do to define them?

As of now this firewall is the gateway for all VPN traffic, i.e. 10.110.1.1

Another 5510 is configured only for http access = proxy [ Squid Linux ] + another internet line.

But the actual problem is people remove the proxy settings from the web browser and browse any sites via the above link, which I want to stop.

Unfortunately the 5510 doesn't support policy-based routing, which is too bad for me.

Just wondering, if I upgrade the firmware, is there any chance that I can get the policy-based routing option?

I saw new releases of ASDM are available for the 5510.


Hi

Do sh run and paste the config in your next post.

Mark

I have sent you the "sh run" file just now via PM. Please check it.


Yes, I have it. Which VLAN do you want to apply this URL filtering to?

10.100.10.x


Try something like this:

Configure Regex

Create regular expressions.

regex urldeny "EXAMPLE1\.DOMAIN\.net|EXAMPLE2\.DOMAIN\.net"

Configure ACL

Define hosts that are forwarded to the MPF HTTP inspection policy.

access-list regex-urlfilter extended deny tcp [ALLOW IP x.x.x.x] 255.255.255.255 any eq 80
access-list regex-urlfilter extended permit tcp any any eq 80

Configure Match Conditions

Define match conditions; here we match any Host header that is equal to the previously defined regular expression (urldeny).

class-map type inspect http match-all class-urlfilter1
 match request header host regex urldeny

Assign ACLs

Assign the previous access-list to a class-map.

class-map class-http-match1
 match access-list regex-urlfilter

Create Policy Map

Create the policy map and assign the class map (class-urlfilter1). Against this class map an action is assigned.

policy-map type inspect http policy-urlfilter1
 parameters
 class class-urlfilter1
  drop-connection log

Assign HTTP Inspection Policy Map

Under the global_policy map, assign the http inspection policy map against the match class map (class-http-match1).

policy-map url-packet-filter
 class class-http-match1
  inspect http policy-urlfilter1

Configure Service-Policy

Assign global_policy to all interfaces.

service-policy url-packet-filter interface LAN-10

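As an added illustration of how the two configs above behave (this is not code from the thread, from Mark, or from Cisco), the Python model below applies the class-map access-list and the regex list to constructed sample HTTP flows. It assumes a placeholder exempt host 10.100.10.50 in place of [ALLOW IP x.x.x.x], and treats ASA regex matching as unanchored and case-sensitive (a simplification of the real inspection engine).

```python
import re
from ipaddress import ip_address, ip_network

# Constructed policy modelled on Mark's configs; not the ASA's own parser.
# ASA regex strings are unanchored: "\.facebook\.com" matches "www.facebook.com"
# anywhere in the Host header, but NOT the bare apex "facebook.com".
REGEX_DENY = [r"\.dating\.dk", r"\.facebook\.dk", r"\.facebook\.com"]

# class-map ... match access-list: a 'deny' ACE excludes traffic from the class,
# so the "[ALLOW IP x.x.x.x]" host (placeholder 10.100.10.50) skips inspection.
ACL = [
    ("deny",   ip_network("10.100.10.50/32"), 80),
    ("permit", ip_network("0.0.0.0/0"),       80),
]


def acl_selects(src: str, dport: int) -> bool:
    """First matching ACE wins; only a 'permit' puts the flow into the class."""
    for action, net, port in ACL:
        if ip_address(src) in net and dport == port:
            return action == "permit"
    return False


def host_blocked(host: str) -> bool:
    """'match request header host regex class': any regex in the list matches."""
    # Case-sensitive, unanchored search (assumption of this model).
    return any(re.search(pattern, host) for pattern in REGEX_DENY)


def decide(src: str, dport: int, host):
    """Return 'reset' (blocked), 'allow', or 'not-inspected' for one flow."""
    if not acl_selects(src, dport):
        return "not-inspected"          # ACL did not send it to inspect http
    if host is None:
        return "allow"                  # TLS: no plaintext Host header to read
    return "reset" if host_blocked(host) else "allow"


# Constructed sample flows: (client IP, destination port, HTTP Host header).
SAMPLE_FLOWS = [
    ("10.100.10.20", 80, "www.facebook.com"),   # matched -> reset
    ("10.100.10.20", 80, "facebook.com"),       # no leading dot -> allowed
    ("10.100.10.50", 80, "www.facebook.com"),   # exempt host -> not inspected
    ("10.100.10.20", 443, None),                # port 443 not in the ACL
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", decide(*flow))
```

The second flow shows why a pattern that insists on a leading `\.` never catches the bare domain, and the third shows that a deny ACE in a match access-list exempts traffic from inspection rather than blocking it.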

access-list regex-urlfilter extended deny tcp [ALLOW IP x.x.x.x] 255.255.255.255 any eq 80

I can't get the above line. Can you please elaborate? A bit confused about the "allow IP" in the red bracket. Deny and allow in the same expression?


[ALLOW IP x.x.x.x] is the IP or subnet you want to allow !!!!!!!!!

 

Mark

 

Thanks. I am really kind of dumb at understanding command-line commands in Cisco.

Good news is I managed to block URLs via ASDM by referring to this Cisco URL >> hxxp://goo.gl/8Q5Zx

Created regular expressions, added an ACL and it worked!

My mistake was I was putting a dot before creating the expression value.

The correct expression value is \.youtube\.com; I was using a dot at the beginning.

Now, 2 new problems >>

- I added tcp/http & tcp/https + urllist1 & its value, urllist2 + value.
- The above setting is now altogether blocking all https URLs on that specific link. [ but it isn't blocking all http URLs ]
- I added the ACL in the global access list as follows >>

source <any> destination <any> service tcp/http,tcp/https HTTP filtering scan block facebook,youtube etc [ for 10.100.10.x & another VLAN ]

I want to know how I can put multiple values in a single urllist value field?

And why are all https websites getting blocked? Is it because I have mentioned no specific https URL in the blocked list?

I added tcp/https because I wanted to ensure no one can access Facebook using https.

Any hints?
