Hi,
You shall do the same with MPF. Create a regex filter to identify the types of files you would like to block,
e.g.
regex archive-type1 ".*\.([Zz][Ii][Pp]|[Tt][Aa][Rr]|[Tt][Gg][Zz]) HTTP/1.[01]"
regex archive-type2 ".*\.([Tt][Aa][Rr].([Gg][Zz]|[Bb][Zz]2)|7[Zz]) HTTP/1.[01]"
regex doc-type1 ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|([Pp]){2}[Tt]) HTTP/1.[01]"
regex doc-type2 ".*\.([Pp][Dd][Ff]|[Oo][Dd][Tt]) HTTP/1.[01]"
regex exe-type1 ".*\.([Ee][Xx][Ee]|[Vv][Bb][Ss]|[Vv][Bb][Aa]) HTTP/1.[01]"
Create regex for Content-Type Application/*
regex application-header "application/.*"
regex content-type "Content-Type"
Classify regex that matches the extension types
class-map type regex match-any ext-types
 match regex doc-type1
 match regex doc-type2
 match regex archive-type2
 match regex archive-type1
 match regex exe-type1
Capture the http response that contains content-type and application/* header
class-map type inspect http match-all http-header-response
 match response header regex content-type regex application-header
Capture http request packet that matches the class ext-types
class-map type inspect http match-all http-request
 match request uri regex class ext-types
HTTP is the interesting traffic
access-list http-traffic extended permit tcp any any eq www
access-list http-traffic extended permit tcp any any eq 8080
class-map http-traffic-class
 match access-list http-traffic
Create policy to prevent download attempt via http request
policy-map type inspect http block-http-download
 parameters
  protocol-violation action drop-connection log
 class http-header-response
  drop-connection log
 class http-request
  reset log
Apply policy on the interesting traffic
policy-map inside-http
 class http-traffic-class
  inspect http block-http-download
Apply the policy onto interface to take effect
service-policy inside-http interface inside
Hope this would help.
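A coverage check for the URI regexes in the answer above, as an added example that is not part of the original post: it runs the five patterns (written with | for alternation) over constructed request lines to show which ones the ext-types class would match before the policy is deployed. Python's re module is an assumption standing in for the ASA regex engine, and the names matched_by, coverage_report and SAMPLES are hypothetical.

```python
import re

# URI regexes from the answer, with | as the alternation operator.
# Assumption: Python's re stands in for the ASA regex engine; these patterns
# only use syntax the two share (classes, groups, |, {n}, ., *).
EXT_TYPES = {
    "archive-type1": r".*\.([Zz][Ii][Pp]|[Tt][Aa][Rr]|[Tt][Gg][Zz]) HTTP/1.[01]",
    "archive-type2": r".*\.([Tt][Aa][Rr].([Gg][Zz]|[Bb][Zz]2)|7[Zz]) HTTP/1.[01]",
    "doc-type1": r".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|([Pp]){2}[Tt]) HTTP/1.[01]",
    "doc-type2": r".*\.([Pp][Dd][Ff]|[Oo][Dd][Tt]) HTTP/1.[01]",
    "exe-type1": r".*\.([Ee][Xx][Ee]|[Vv][Bb][Ss]|[Vv][Bb][Aa]) HTTP/1.[01]",
}


def matched_by(request_tail):
    """Return the regex names that match a 'URI HTTP/version' string.

    The class-map ext-types is match-any, so one hit is enough to reset."""
    return [name for name, pat in EXT_TYPES.items() if re.search(pat, request_tail)]


# Constructed sample request lines (method stripped), not captured traffic.
SAMPLES = [
    "/files/report.PDF HTTP/1.1",
    "/dl/backup.tar.gz HTTP/1.0",
    "/dl/tools.7z HTTP/1.1",
    "/docs/slides.ppt HTTP/1.1",
    "/docs/budget.xlsx HTTP/1.1",  # Office Open XML extension
    "/index.html HTTP/1.1",
]


def coverage_report(samples=SAMPLES):
    """Map each sample to the regex names that would trigger the reset."""
    return {s: matched_by(s) for s in samples}


if __name__ == "__main__":
    for line, names in coverage_report().items():
        verdict = "RESET" if names else "pass"
        print(f"{verdict:5}  {line:32} {', '.join(names) or '-'}")
```

The .xlsx sample is not matched because each pattern requires the listed extension to sit directly before " HTTP/1.x", so every extension you intend to block needs its own alternative in the regex.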
SOURCE: No power to cisco 5505 ASA
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
From the US, you can call: 1.800.553.2447
From there, Cisco will be able to tell you what your warranty status is by the device's serial number, and can also provide you with a quote if your warranty has expired.
SOURCE: how to connect the Cisco ASA 5505 firewall through lan cables?
A conflict in the IP address, resolve it
SOURCE: Cisco ASA 5505 firewall support URL filtering or
Hi, the Cisco ASA 5505 is the base model, and URL filtering is not available on this model. The first model that allows URL filtering is the 5510, and every model above that. You can view the models and features here:
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
SOURCE: how will block yahoo.com using cisco asa 5505
Hello there, you need to check this out
Regards
SOURCE: how to block some website on asa 5505?
Do the name resolution for the website and write a policy to block the traffic from your trusted network to that website's IP address. If required, I shall write the policy and give it to you; for this I need the following details.
1. Name of the websites
2. Local network range (LAN IP address with SNM)
But this is very hard for you if there is a large number of websites. For this you shall integrate a URL filtering software like WebSense, N2H2, etc. with your firewall.