Here you go. These work for me.

regex IEEE "\.ieee\.org"
!LAYER7
class-map type inspect dns match-all IEEE-DNS-CLASS
 match domain-name regex IEEE
policy-map type inspect dns IEEE-DNS-POLICY
 parameters
 class IEEE-DNS-CLASS
  drop-connection
!Layer4
class-map DNS
 match port udp eq domain
policy-map DNS
 class DNS
  inspect dns IEEE-DNS-POLICY
service-policy DNS interface INSIDE

======================================
Method 2:

regex W3 \.w3\.org
regex IEEE "\.ieee\.org"
! Layer 7 classification and drop
class-map type regex match-any BLOCK-FQDN
 match regex IEEE
 match regex W3
class-map type inspect dns BLOCK-FQDN-L7
 match domain-name regex class BLOCK-FQDN
policy-map type inspect dns BLOCK-FQDN-L7
 parameters
 class BLOCK-FQDN-L7
  drop
! Layer 4 classification and action on the Layer 7 policy
class-map DNS
 match port udp eq domain
policy-map DNS
 class DNS
  inspect dns BLOCK-FQDN-L7
service-policy DNS interface INSIDE

FNK

On Thu, Oct 11, 2012 at 9:29 PM, Fawad Khan <[email protected]> wrote:

> SSL offloading might be the solution to block anything like that. The
> other way is to block using DNS MPF. Search for an FQDN like Facebook.com and
> then reset the connection. No one will be able to resolve the Facebook IP
> address, hence practically denying the way.
>
> On Thursday, October 11, 2012, Adil Pasha wrote:
>
>> Just so you know that https://www.skype.com is being blocked without the
>> 'protocol-violation action reset' command.
>>
>> Best Regards.
>> ______________________
>> Adil
>>
>> On Oct 11, 2012, at 5:49 PM, Adil Pasha <[email protected]> wrote:
>>
>> Thanks Piotr.
>>
>> Then why is https://www.skype.com being blocked?
>> <Screen Shot 2012-10-11 at 5.45.30 PM.png>
>>
>> Still do not understand why the 'protocol-violation action reset'
>> command blocks https://www.facebook.com. But it also blocks all other
>> https websites.
>>
>> policy-map type inspect http BlockDomainClass_user2
>>  parameters
>>   protocol-violation action reset
>>
>> <Screen Shot 2012-10-11 at 5.47.20 PM.png>
>>
>> Best Regards.
>> ______________________
>> Adil
>>
>> On Oct 11, 2012, at 5:27 PM, Piotr Matusiak <[email protected]> wrote:
>>
>> Adil,
>>
>> Since FB is using HTTPS there is no way to block it with URL matching.
>> The URL is encrypted.
>> All you can do is to block based on IP, which can be difficult and not
>> reliable.
>>
>> It could be possible using FPM on the routers by matching CN in the
>> certificate.
>>
>> Other option in real life is to have ASA-CX :)
>>
>> Regards,
>> Piotr
>>
>> On Oct 11, 2012, at 9:59 PM, Adil Pasha wrote:
>>
>> Hi guys,
>> Does anyone know how to block the https://www.facebook.com/login.php page
>> using MPF?
>>
>> The only way I am able to block the Facebook login page is using the
>> following:
>>
>> policy-map type inspect http BlockDomainClass_user2
>>  parameters
>>   protocol-violation action reset log
>>  class BlockDomainClass_user2
>>
>> But if you use the protocol-violation command it blocks all https traffic to
>> any website. Any explanation?
>>
>> All the explanations on these websites did not work. Seems like Facebook
>> has hired some really advanced-level developers :)
>>
>> http://www.handbook.dk/block-domains-on-a-cisco-asa-152.htm
>> https://supportforums.cisco.com/docs/DOC-1268
>> And the new 8.4 version has a very basic solution:
>> https://supportforums.cisco.com/docs/DOC-1268
>>
>> The normal configuration on the following links cannot block the above
>> link.
>> Also, if the above link can be launched using
>> Google.com <http://google.com/> search and then click on Login.
>>
>> I am not finding any solution.
>>
>> This better not be the exam question till Cisco completely provides the
>> solution. I have tested it using ver 8.2, 8.3 and 8.4.
>>
>> Thanks for any help in advance.
>>
>> Best Regards.
>> ______________________
>> Adil
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> <http://www.platinumplacement.com/>
>
> --
> FNK, CCIE Security#35578
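
Added example, not part of the original thread: a Python check of which DNS query names the two regexes from the posted config actually cover. It parses constructed DNS queries and applies the patterns; Python's `re` is assumed to treat these simple patterns the same way the ASA regex engine does, and all function names and sample names are constructed for the illustration.

```python
import re
import struct

# Patterns copied from the posted config. Assumption: Python's re behaves
# like the ASA regex engine for these simple, unanchored literal patterns.
BLOCK_FQDN = [re.compile(r"\.ieee\.org"), re.compile(r"\.w3\.org")]

def build_query(name, qtype=1):
    """Build a minimal DNS query message (constructed sample input)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(msg):
    """Extract the first question name from a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    if struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1
        if pos + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[pos:pos + length].decode("latin-1"))
        pos += length
    return ".".join(labels)

def verdict(msg):
    """Return 'drop' if the queried name matches any blocked pattern."""
    name = parse_qname(msg)
    return "drop" if any(p.search(name) for p in BLOCK_FQDN) else "allow"

def coverage(names):
    """Map each name to the verdict its DNS query would receive."""
    return {n: verdict(build_query(n)) for n in names}

if __name__ == "__main__":
    sample = ["www.ieee.org", "ieee.org", "www.w3.org",
              "www.ieee.org.example.net", "www.example.com"]
    for n, v in coverage(sample).items():
        print(f"{v:5}  {n}")
```

The leading `\.` means a query for the bare `ieee.org` is not matched, and because the patterns are unanchored, any name that merely contains `.ieee.org` is dropped as well.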
