URL Blocking on Cisco ASA
Topology
User access is blocked when the Host header of an HTTP request matches the configured regular expression: the ASA HTTP inspection engine evaluates the regex against the request's Host header and drops the connection on a match.
ASA Configuration
!
object-group user TEST-USER
 user LOCAL\test
 user LOCAL\test1
object-group service USER-SERVICE tcp
 port-object eq www
 port-object eq https
!
access-list USER-TRAFFIC extended permit tcp object-group-user TEST-USER any any object-group USER-SERVICE
!
regex cisco.com "cisco\.com"
!
class-map type inspect http match-any CMAP-MATCH-URL
 match request header host regex cisco.com
class-map CMAP-MATCH-HTTP
 match access-list USER-TRAFFIC
!
policy-map type inspect http PMAP-MATCH-URL
 parameters
 class CMAP-MATCH-URL
  drop-connection log
policy-map PMAP-BLOCK-URL
 class CMAP-MATCH-HTTP
  inspect http PMAP-MATCH-URL
!
service-policy PMAP-BLOCK-URL interface outside
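The decision the HTTP inspection policy above makes can be emulated to see exactly which requests the class map catches. The following Python block is an added example, not code from the original post or from Cisco: it parses the Host header out of a raw HTTP/1.x request and applies the page's regex "cisco\.com" with re.search, which, like the ASA regex engine, matches an unanchored pattern anywhere in the field. Because the pattern is unanchored it also fires on look-alike names such as notcisco.com or cisco.com.evil.test, so the block carries an anchored variant, (^|\.)cisco\.com$, as an added suggestion. The sample requests are constructed here, and stripping an explicit :port from the Host value before matching is an assumption of the emulation, not something the page states about the ASA.

```python
import re
from typing import Optional

# Regex object from the ASA config on the page ("regex cisco.com"), unanchored.
PAGE_PATTERN = r"cisco\.com"
# Added, tightened variant: match cisco.com or a subdomain of it, nothing else.
ANCHORED_PATTERN = r"(^|\.)cisco\.com$"


def host_header(raw_request: bytes) -> Optional[str]:
    """Return the Host header value of a raw HTTP/1.x request, without a :port suffix.

    Returns None when the request carries no Host header.
    """
    head, _, _ = raw_request.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
            if host.startswith("["):                # IPv6 literal: keep the bracketed part
                return host.split("]")[0] + "]"
            return host.split(":")[0]               # drop an explicit port (assumption)
    return None


def inspect_request(raw_request: bytes, pattern: str = PAGE_PATTERN) -> str:
    """Emulate 'match request header host regex' + 'drop-connection'.

    Returns 'drop' when the Host header matches the regex, otherwise 'allow'.
    """
    host = host_header(raw_request)
    if host is None:
        return "allow"   # nothing for the host-header match to evaluate
    return "drop" if re.search(pattern, host) else "allow"


def build_request(host: str, path: str = "/") -> bytes:
    """Construct a minimal HTTP/1.1 GET for the given Host value (sample input)."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nUser-Agent: curl/8.0\r\n\r\n".encode()


# Constructed sample requests covering the page's case and the look-alike edge cases.
SAMPLE_HOSTS = [
    "cisco.com",             # the page's test case: blocked
    "www.cisco.com",         # subdomain: blocked by both patterns
    "cisco.com:8080",        # explicit port: blocked once the port is stripped
    "notcisco.com",          # look-alike: page regex blocks it, anchored regex does not
    "cisco.com.evil.test",   # look-alike suffix: same split
    "example.com",           # unrelated host: allowed
]
REQUESTS = {h: build_request(h) for h in SAMPLE_HOSTS}
NO_HOST = b"GET / HTTP/1.0\r\n\r\n"   # HTTP/1.0 request without a Host header


def decisions(pattern: str) -> dict:
    """Map each sample host to the inspection decision under the given regex."""
    return {h: inspect_request(r, pattern) for h, r in REQUESTS.items()}


if __name__ == "__main__":
    print(f"{'Host':<22}{'page regex':<14}{'anchored regex'}")
    for h in SAMPLE_HOSTS:
        print(f"{h:<22}{inspect_request(REQUESTS[h]):<14}"
              f"{inspect_request(REQUESTS[h], ANCHORED_PATTERN)}")
    print(f"{'(no Host header)':<22}{inspect_request(NO_HOST)}")
```

Running the block prints a decision table; the rows for notcisco.com and cisco.com.evil.test show why a practitioner who only wants cisco.com and its subdomains blocked should anchor the regex on the ASA, and the last row shows that a request with no Host header is not caught by a host-header match at all.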
A host entry mapping cisco.com to the IP of router CSR3 (192.168.12.2) is configured on the user machine; CSR2 carries the same static ip host entry.
CSR2
!
ip host cisco.com 192.168.12.2
ip dhcp excluded-address 192.168.10.1 192.168.10.11
!
ip dhcp pool POOL1
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.1
!
interface GigabitEthernet1
 ip address 192.168.11.2 255.255.255.0
 negotiation auto
!
interface GigabitEthernet2
 ip address 192.168.10.1 255.255.255.0
 negotiation auto
CSR3
!
interface GigabitEthernet1
 ip address 192.168.12.2 255.255.255.0
 negotiation auto
!
ip http server
ip http authentication local
The user then tries to access http://cisco.com from the machine whose host entry resolves cisco.com to CSR3 (192.168.12.2). The request is made over plain HTTP, which is what the policy can act on: the Host header is only visible to HTTP inspection in cleartext, so the regex cannot be evaluated inside a TLS connection even though port 443 is in USER-SERVICE. Since the Host header cisco.com matches the regex, the ASA drops the connection and logs it.