Announcement

Collapse
No announcement yet.

URL Filtering depending on IP Groups

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • URL Filtering depending on IP Groups

    Hi All. I have four groups of IP addresses on Cisco ASA5510 and I want to do URL filtering (blocking) dependent of these groups.

    Group A
    - browsing only on www.aaa.com and www.bbb.com
    Group B
    - browsing only on www.ccc.com and www.ddd.com
    Group C
    - browsing not allowed
    Group D
    - browsing without any restrictions

    I found sample script on ciscowiki.com, but I don't know how to modify this CLI config. Can you help me please?

    Thanks for tips.

    Martin

    Sample script :
    https://supportwiki.cisco.com/ViewWi.../ASA_url_block
    Allow every url for specific hosts, allow only specific urls for the rest :

    regex allowex1 "/test/"
    regex allowex2 "cisco\.com"

    access-list user-acl extended deny tcp host 192.168.1.2 any eq www
    access-list user-acl extended permit tcp any any eq www

    class-map type inspect http match-all allow-url-class
    match not request uri regex allowex1
    match not request header host regex allowex2
    class-map allow-user-class
    match access-list user-acl

    policy-map type inspect http allow-url-policy
    parameters
    class allow-url-class
    drop-connection
    policy-map allow-user-url-policy
    class allow-user-class
    inspect http allow-url-policy

    service-policy allow-user-url-policy interface inside
Working...
X