Just so you know, https://www.skype.com is being blocked without the 'protocol-violation action reset' command.

Best Regards.
______________________
Adil

On Oct 11, 2012, at 5:49 PM, Adil Pasha <[email protected]> wrote:

> Thanks Piotr.
>
> Then why is https://www.skype.com being blocked?
> <Screen Shot 2012-10-11 at 5.45.30 PM.png>
>
> Still do not understand why 'protocol-violation action reset' command
> blocks https://www.facebook.com. But it also blocks all other https websites.
>
> policy-map type inspect http BlockDomainClass_user2
>  parameters
>   protocol-violation action reset
>
> <Screen Shot 2012-10-11 at 5.47.20 PM.png>
>
> Best Regards.
> ______________________
> Adil
>
> On Oct 11, 2012, at 5:27 PM, Piotr Matusiak <[email protected]> wrote:
>
>> Adil,
>>
>> Since FB is using HTTPS there is no way to block it with url matching. The
>> URL is encrypted.
>> All you can do is to block based on IP which can be difficult and not
>> reliable.
>>
>> It could be possible using FPM on the routers by matching CN in the
>> certificate.
>>
>> Other option in real life is to have ASA-CX :)
>>
>> Regards,
>> Piotr
>>
>> On Oct 11, 2012, at 9:59 PM, Adil Pasha wrote:
>>
>>> Hi guys,
>>> Does anyone know how to block https://www.facebook.com/login.php page using
>>> MPF?
>>>
>>> The only way I am able to block Facebook login page is using the following:
>>>
>>> policy-map type inspect http BlockDomainClass_user2
>>>  parameters
>>>   protocol-violation action reset log
>>>  class BlockDomainClass_user2
>>>
>>> But if you use protocol-violation command it blocks all https traffic to
>>> any website. Any explanation?
>>>
>>> All the explanation on these websites did not work. Seems like Facebook has
>>> hired some really advanced-level developers :)
>>>
>>> http://www.handbook.dk/block-domains-on-a-cisco-asa-152.htm
>>> https://supportforums.cisco.com/docs/DOC-1268
>>> And new 8.4 version has a very basic solution:
>>> https://supportforums.cisco.com/docs/DOC-1268
>>>
>>> The normal configuration on the following links cannot block the above
>>> link.
>>> Also, if the above link can be launched using Google.com search and then
>>> click on Login.
>>>
>>> I am not finding any solution.
>>>
>>> This better not be the exam question till Cisco completely provides the
>>> solution. I have tested it using ver 8.2, 8.3 and 8.4.
>>>
>>> Thanks for any help in advance.
>>>
>>> Best Regards.
>>> ______________________
>>> Adil
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training, please
>>> visit www.ipexpert.com
>>>
>>> Are you a CCNP or CCIE and looking for a job? Check out
>>> www.PlatinumPlacement.com
