Shulou(Shulou.com)06/01 Report--

Generally speaking, there are three steps to implement URL filtering:

1. Create a class-map (class map) to identify transport traffic

two。 Create a policy-map (policy map) and associate a class-map

3. Apply policy-map to the street corner

The configuration is as follows:

First floor

Ciscoasa (config) # access-listtcp_filter1permittcp10.1.1.0255.255.255.0anyeqwww

Match ACL:

Ciscoasa (config) # class-maptcp_filter_class1

Ciscoasa (config-cmap) # matchaccess-listtcp_filter1

Detect http traffic according to http_url_policy rules

Ciscoasa (config-cmap) # policy-mapinside_http_url_policy

Ciscoasa (config-pmap) # classtcp_filter_class1

Ciscoasa (config-pmap-c) # inspecthttphttp_url_policy1

Apply to the interface

Ciscoasa (config) # service-policyinside_url_policyinterfaceinside

Second floor

As long as the host field of the http request packet header is checked, the field specified by url_class1 is found.

Ciscoasa (config-cmap) # matchrequestheaderhostregexcla

Ciscoasa (config-cmap) # matchrequestheaderhostregexclassurl_class1

Discard the newspaper and record it in the log

Ciscoasa (config) # policy-maptypeinspecthttphttp_url_policy1

Ciscoasa (config-pmap) # classhttp_url_class1

Ciscoasa (config-pmap-c) # drop-connectionlog

The third floor

The fields specified by URL_class1 need to match the regular expression url1

Ciscoasa (config) # class-maptyperegexmatch-anyurl_class1

Ciscoasa (config-cmap) # matchregexurl1

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.