Cisco ASA’s en HTTP / L7 inspection

With Cisco ASA’s you can open HTTP network traffic so you can inspect it and even block websites if you want to. Remember that this only works for non-encrypted traffic, if you want to inspect encrypted traffic you gonna need a solution where you can do a MITM (Man In The Middle) attack.

Here you have a very simple example where the dutch website “autoblog.nl” is being blocked for clients in VLAN 10 with a IPv4 address in the 192.168.10.0/24 network.

regex URL-AUTOBLOG.NL ".autoblog.nl"
access-list ACL-CMAP-VLAN10-HTTP extended permit tcp 192.168.10.0 255.255.255.0 any eq www
class-map type regex match-any CMAP-REGEX-HTTP
match regex URL-AUTOBLOG.NL
class-map CMAP-VLAN10-HTTP
match access-list ACL-CMAP-VLAN10-HTTP
policy-map type inspect http PMAP-VLAN10-HTTP
parameters
match request header host regex class CMAP-REGEX-HTTP
reset log

service-policy PMAP-VLAN10 interface VLAN10