ASA firewall URL filtering

Source: Internet
Author: User

1. Create the class-maps that identify the traffic to inspect.


Config: access-list tcp_filter1 permit tcp 192.168.1.0 255.255.255.0 any eq www


Config: class-map tcp_filter_class1

Config-cmap: match access-list tcp_filter1 # the class-map selects the traffic permitted by the ACL


Exit


// Define a regular expression named url1 that matches the host suffix ".games.com"


Config: regex url1 "\.games\.com"



// Create a class-map named url_class1 with the regex type (match-any: match if any listed regex matches)


Config: class-map type regex match-any url_class1

Config-cmap: match regex url1

Exit


// Create a class-map named http_url_class1 of type inspect http to check the Host header of HTTP requests


Config: class-map type inspect http http_url_class1

Config-cmap: match request header host regex class url_class1



2. Create the policy-maps and associate them with the class-maps.


Config: policy-map type inspect http http_url_policy1

Config-pmap: class http_url_class1 # Call the previously created class-map

Config-pmap-c: drop-connection log # drop data packets, close the connection, and send system logs

Exit

Exit

Config: policy-map inside_http_url_policy

Config-pmap: class tcp_filter_class1 # Call the previously created class-map

Config-pmap-c: inspect http http_url_policy1 # Check http traffic

Exit

Exit


3. Apply policy-map to the interface.


Config: service-policy inside_http_url_policy interface inside


Note: Only one policy-map can be applied to an interface.
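
To see which flows this policy inspects, drops or leaves alone, the following added example (not part of the original article and not Cisco code) models the three stages in Python: the tcp_filter1 ACL, HTTP inspection, and the url1 match on the Host header. It assumes the source network is 192.168.1.0/24 and that the firewall applies url1 as an unanchored search; the function names and sample flows are constructed for illustration.

```python
import ipaddress
import re

# Values taken from the configuration on this page.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # tcp_filter1 source (assumed /24)
HTTP_PORT = 80                                        # "eq www"
URL1 = re.compile(r"\.games\.com")                    # regex url1


def host_header(raw_request: bytes):
    """Return the Host header value of a raw HTTP/1.x request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip()
    return None


def policy_action(src_ip: str, dst_port: int, raw_request: bytes) -> str:
    """Model the three stages: ACL match, HTTP inspection, Host regex."""
    if ipaddress.ip_address(src_ip) not in INSIDE_NET or dst_port != HTTP_PORT:
        return "not-inspected"      # flow never matches tcp_filter_class1
    host = host_header(raw_request)
    # re.search is unanchored: assumed to mirror how the ASA applies url1
    if host is not None and URL1.search(host):
        return "drop-connection"    # http_url_class1 matched
    return "permit"


def request(host: str) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    return f"GET / HTTP/1.1\r\nHost: {host}\r\nUser-Agent: test\r\n\r\n".encode()


# Constructed flows: (source IP, destination port, Host header)
SAMPLES = [
    ("192.168.1.10", 80, "www.games.com"),
    ("192.168.1.10", 80, "games.com"),
    ("192.168.1.10", 80, "www.games.community.example"),
    ("192.168.1.10", 80, "www.example.org"),
    ("192.168.1.10", 8080, "www.games.com"),
    ("192.168.2.10", 80, "www.games.com"),
]

if __name__ == "__main__":
    for src, port, host in SAMPLES:
        print(f"{src:<13} :{port:<5} {host:<30} {policy_action(src, port, request(host))}")
```

The results show the scope of the policy: the leading "\." means the bare host games.com is not matched, the unanchored pattern also matches longer names that merely contain ".games.com", and flows outside the ACL (other ports or source networks) are never handed to HTTP inspection.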

This article is from the "I Am a rookie I am afraid of who" blog; please be sure to keep this source: http://jialeide.blog.51cto.com/5597512/1304588
