Asa url filtering-reject work-independent websites

URL filtering is generally implemented in three steps:

1. Create a class-map (class ing) to identify transmission traffic

2. Create policy-map and associate it with class-map.

3. Apply policy-map to the street

The configuration is as follows:

Level 1

Ciscoasa (config) # access-listtcp_filter1permittcp10.1.1.0255.255.255.0anyeqwww

Match ACL:

Ciscoasa (config) # class-maptcp_filter_class1

Ciscoasa (config-cmap) # matchaccess-listtcp_filter1

Checks http traffic according to http_url_policy rules

Ciscoasa (config-cmap) # policy-mapinside_http_url_policy

Ciscoasa (config-pmap) # classtcp_filter_class1

Ciscoasa (config-pmap-c) # inspecthttphttp_url_policy1

Application to interface

Ciscoasa (config) # service-policyinside_url_policyinterfaceinside

Layer 2

When you check the host field of the http request packet header, you can find the fields specified by url_class1.

Ciscoasa (config-cmap) # matchrequestheaderhostregexlinoleic
Ciscoasa (config-cmap) # matchrequestheaderhostregexclassurl_class1

Discard the report and record it in the log

Ciscoasa (config) # policy-maptypeinspecthttphttp_url_policy1
Ciscoasa (config-pmap) # classhttp_url_class1
Ciscoasa (config-pmap-c) # drop-connectionlog

Layer 3

If the fields specified by URL_class1 need to match the regular expression, the expression url1

Ciscoasa (config) # class-maptyperegexmatch-anyurl_class1
Ciscoasa (config-cmap) # matchregexurl1

This article from the "Network Technology Exploration" blog, please be sure to keep this source http://heshengkai.blog.51cto.com/5014551/1298431