
Wednesday, March 5, 2014

Cisco ASA URL Filtering [ASDM]

In this post I will show how to configure a Cisco ASA to do URL filtering without a URL-filtering server or Websense appliance, using only the ASA's own HTTP inspection: the firewall matches the Host header of each HTTP request against a regular expression and drops the connection on a match.

The process involves five steps:
1. Configure a RegExp for each domain/FQDN you wish to allow or block
2. Configure a RegExp class map to group two or more RegExps
3. Set up an HTTP class map that matches the Host header against that class
4. Set up an HTTP inspection map that defines the action (drop, log)
5. Configure a Service Policy Rule that applies the inspection map on an interface

Let's start:

1. Go to Configuration > Firewall > Objects > Regular Expressions:



2. Click Add to configure a regular expression for each domain/FQDN you want to allow or block; in my example I used cisco.com and microsoft.com.



Then, in the Regular Expression Classes section below, click Add to create a regular expression class and add the two newly created RegExps to it:

3. Go to Configuration > Firewall > Objects > Class Maps > HTTP and configure a new HTTP class map:


Set the criterion to Request Header Field, choose the predefined field Host, and select the RegExp class map you created in step 2.

4. Go to Configuration > Firewall > Objects > Inspect Maps > HTTP and configure a new HTTP inspect map:


Choose the HTTP class map you just created, then set the action (Drop Connection) and the log option so that every blocked request produces a syslog message.

5. Go to Configuration > Firewall > Service Policy Rules, choose the relevant interface and click Insert to add a new rule:

 

On the Rule Actions tab, tick HTTP and click Configure to select the inspect map from step 4:



Finally click Apply and there you go. Two caveats: this inspects cleartext HTTP only (the Host header of an HTTPS request is inside the TLS session, so https://www.cisco.com is not affected), and the regexes are not anchored, so they match anywhere in the header value.


CLI configuration (the same policy as the ASDM steps above; the Layer 3/4 class maps CM_ICMP and INSIDE100-BLOCK_DOMAIN that select the traffic are referenced but not shown in this post):

! Step 1: one regex per domain. Note the leading \. : "www.cisco.com"
! matches, but a bare "cisco.com" does not. The match is unanchored, so
! "www.cisco.com.attacker.example" also matches; end the pattern with $
! to anchor it.
regex Cisco "\.cisco\.com"
regex Microsoft "\.microsoft\.com"
!
! Step 2: group the regexes; match-any means either one triggers the class
class-map type regex match-any RE_CLASS
 description Regular Expression Class
 match regex Cisco
 match regex Microsoft
!
! Step 3: HTTP class map keyed on the Host request header only (not the URL path)
class-map type inspect http match-all HTTP_CLASS_MAP
 match request header host regex class RE_CLASS
!
! Step 4: HTTP inspection map; matching requests are dropped and logged
policy-map type inspect http HTTP_INSPECT_MAP
 parameters
  protocol-violation action drop-connection
 class HTTP_CLASS_MAP
  drop-connection log
!
! Step 5: attach the inspection map to the Layer 3/4 policy on INSIDE100
policy-map PM_ICMP
 class CM_ICMP
  inspect icmp
 class INSIDE100-BLOCK_DOMAIN
  inspect http HTTP_INSPECT_MAP
!
service-policy PM_ICMP interface INSIDE100
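Before pushing this to an ASA it helps to see what the Host-header match actually catches. The following Python script is an added example, not part of the original post or of Cisco's tooling: it applies the two regexes from the configuration above to a handful of constructed HTTP requests, emulating the ASA's unanchored regex search on the Host header, and compares the result with a tighter anchored variant I propose. The assumption that the ASA regex engine and Python's re module treat these particular constructs identically is marked in the code.

```python
import re
from typing import Dict, Optional, Tuple

# The two regexes exactly as the ASA configuration above defines them.
ASA_PATTERNS: Dict[str, str] = {
    "Cisco": r"\.cisco\.com",
    "Microsoft": r"\.microsoft\.com",
}

# Tighter variant (my suggestion, not from the original post): match the apex
# domain or any subdomain, allow an optional :port, and anchor to the end of
# the header value so "www.cisco.com.attacker.example" no longer matches.
# Assumption: these use only constructs (^ $ | ? [0-9]+ and escaped dots) that
# the ASA regex engine and Python's re module interpret the same way.
ANCHORED_PATTERNS: Dict[str, str] = {
    "Cisco": r"(^|\.)cisco\.com(:[0-9]+)?$",
    "Microsoft": r"(^|\.)microsoft\.com(:[0-9]+)?$",
}


def host_header(request: bytes) -> Optional[str]:
    """Return the Host request-header value, or None if the request has none.

    This is the field 'match request header host' looks at: the header value
    only, never the URL path. Header names are compared case-insensitively."""
    head = request.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace")
    return None


def inspect(request: bytes, patterns: Dict[str, str]) -> Tuple[str, Optional[str]]:
    """Emulate the policy: a match-any regex class with the action
    drop-connection. re.search is unanchored, like the ASA's regex match.
    Returns (verdict, name of the regex that fired or None)."""
    host = host_header(request)
    if host is None:
        return "allow", None
    for name, pattern in patterns.items():
        if re.search(pattern, host):
            return "drop-connection", name
    return "allow", None


# Constructed sample requests (not captured traffic).
SAMPLES: Dict[str, bytes] = {
    "www":       b"GET /index.html HTTP/1.1\r\nHost: www.cisco.com\r\n\r\n",
    "apex":      b"GET / HTTP/1.1\r\nHost: cisco.com\r\n\r\n",
    "lookalike": b"GET / HTTP/1.1\r\nhost: www.cisco.com.attacker.example\r\n\r\n",
    "port":      b"GET / HTTP/1.1\r\nHost: www.microsoft.com:8080\r\n\r\n",
    "other":     b"GET /cisco.com HTTP/1.1\r\nHost: example.org\r\n\r\n",
}


def verdicts(patterns: Dict[str, str]) -> Dict[str, str]:
    """Run every sample through inspect() and return sample name -> verdict."""
    return {name: inspect(req, patterns)[0] for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for label, pats in (("as configured", ASA_PATTERNS), ("anchored", ANCHORED_PATTERNS)):
        print(f"--- {label} ---")
        for name, verdict in verdicts(pats).items():
            print(f"{name:10s} {host_header(SAMPLES[name]):40s} {verdict}")
```

Run it and note three things: a bare `cisco.com` Host slips past the configured patterns because of the leading `\.`; `www.cisco.com.attacker.example` is blocked because nothing anchors the end of the pattern; and a `cisco.com` string in the URL path is not matched at all, since only the Host header is inspected. None of this applies to HTTPS, whose Host header travels inside TLS. On the ASA itself, `show service-policy inspect http` shows whether the inspection map is attached to the interface and counting hits.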
 
Next post: how to block file types.

2 comments:

  1. I have some questions about your configuration via ASDM.
    1. To make this process work, do you need to create a domain?
    2. The interface name that you configure the regex on is INSIDE 100?
    3. When I configure the same as you in ASDM, I try to go to the page that I block on a laptop that is running ASDM and is connected to the inside interface number one. But I can go to the page normally, as usual.
