ASA and PIX using http inspection to filter URLs and Hosts in HTTP
From Internetworkpro
With ASA/PIX OS release 7.2, the inspection engines now can utilize regular expression lists for filtering.
The following example shows regex-based HTTP filtering on both the destination host/domain and the URL content. It denies HTTP requests to host 136.3.9.2 whose URL contains the string "/cd/" or "/show/".
!-- regex for the show URI string
regex SHOW ".*/[Ss][Hh][Oo][Ww]/.*"
!-- regex for the cd URI string
regex CD ".*/[Cc][Dd]/.*"
!-- regex for destination host, can be a domain name also
regex HOST "136.3.9.2"
!-- now the host regex is used in a class map
!-- multiple regexes can be matched in a class map
!-- note the "match-any", meaning that one match is sufficient
class-map type regex match-any CM_DOMAINS
 match regex HOST
!-- the URI string regexes are combined together in a class map
!-- note the "match-any", meaning that one match is sufficient
class-map type regex match-any CM_FORBIDDENURI
 match regex SHOW
 match regex CD
!-- now the host and the URI class maps are combined
!-- note the "match-all", meaning that both conditions must match
!-- so the host and either one of the two URI regexes
class-map type inspect http match-all CM_H_BADREQUEST
 match request header host regex class CM_DOMAINS
 match request uri regex class CM_FORBIDDENURI
!-- now the last class-map is used in a policy map
!-- where the action is defined (reject and log)
policy-map type inspect http PM_DENYBADHTTP
 parameters
 class CM_H_BADREQUEST
  reset log
!-- the last step: the policy is applied to the default policy
!-- by stating it as an additional parameter to the inspect http command
policy-map global_policy
 class inspection_default
  inspect http PM_DENYBADHTTP
!
service-policy global_policy global
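To check what the match-any/match-all combination above actually blocks before pushing it to a firewall, the following Python model (an added example, not from the original page or from Cisco) evaluates the three regexes with the same class-map logic. It assumes ASA matches regexes unanchored, like Python's re.search, and it also shows why the unescaped, unanchored HOST pattern matches more than the single address intended and how an anchored, escaped variant fixes that.

```python
import re

# Regexes exactly as written in the ASA configuration on this page.
# The '.' in "136.3.9.2" is unescaped, so it matches any character.
REGEX = {
    "SHOW": r".*/[Ss][Hh][Oo][Ww]/.*",
    "CD":   r".*/[Cc][Dd]/.*",
    "HOST": r"136.3.9.2",
}

# Hardened host regex: dots escaped, anchored to the whole Host header value.
# ASA regex syntax supports '^', '$' and '\.' for this purpose.
HOST_STRICT = r"^136\.3\.9\.2$"


def regex_class_match_any(names, value, table=REGEX):
    """class-map type regex match-any: true if any listed regex matches."""
    return any(re.search(table[name], value) is not None for name in names)


def cm_domains(host, strict=False):
    """CM_DOMAINS: the Host header is checked against the HOST regex."""
    if strict:
        return re.search(HOST_STRICT, host) is not None
    return regex_class_match_any(["HOST"], host)


def cm_forbiddenuri(uri):
    """CM_FORBIDDENURI: match-any over SHOW and CD."""
    return regex_class_match_any(["SHOW", "CD"], uri)


def cm_h_badrequest(host, uri, strict=False):
    """CM_H_BADREQUEST: match-all, so host AND one of the URI regexes."""
    return cm_domains(host, strict) and cm_forbiddenuri(uri)


def policy_action(host, uri, strict=False):
    """Action PM_DENYBADHTTP takes on a request: 'reset' (and log) or 'allow'."""
    return "reset" if cm_h_badrequest(host, uri, strict) else "allow"


if __name__ == "__main__":
    # Constructed sample requests (Host header, request URI).
    for host, uri in [("136.3.9.2", "/cd/index.html"), ("136.3.9.2", "/cdrom/x"),
                      ("10.0.0.1", "/show/1"), ("136a3b9c2", "/SHOW/1")]:
        print(host, uri, policy_action(host, uri), policy_action(host, uri, True))
```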