Apr 14, 2011

DNS Filtering

If you don't have a web filtering system, you can prevent users from accessing some web sites using HTTP inspection on an ASA/PIX. However, that won't work if they use HTTPS, because the inspection can't see inside the encrypted session. So what can you do?

You can use DNS inspection to drop queries for blacklisted domain names instead (here it is applied in the default global policy):


regex facebook.com ".*\.facebook\.com.*"
regex metasploit.com ".*\.metasploit\.com.*"
!
class-map type regex match-any domain_black_list
 match regex facebook.com
 match regex metasploit.com
!
policy-map type inspect dns preset_dns_map
 match domain-name regex class domain_black_list
  drop-connection log
!
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map

It's not the best solution for web filtering, but it might be a good workaround. Keep in mind that it only covers DNS queries that actually pass through the ASA and hit the inspected class, and that a pattern like ".*\.facebook\.com.*" needs at least one label in front of the domain, so a query for the bare name facebook.com won't match it.


asa(config)# end
asa# wr mem
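Before deploying a regex black list like the one above, it's worth checking which query names each pattern actually catches. The following Python script is an added example, not part of the original post or of Cisco's code: it runs the post's two patterns (and a tighter, anchored variant suggested here) over a constructed sample of query names. It assumes that Python's re module behaves the same as the ASA regex engine for these simple patterns, which holds for the constructs used (.*, \., ^, $, alternation).

```python
import re
from typing import Dict, Optional

# The two patterns exactly as the post passes them to the ASA "regex" command.
# Assumption: Python's re matches them the same way the ASA engine does.
PAGE_PATTERNS: Dict[str, str] = {
    "facebook.com": r".*\.facebook\.com.*",
    "metasploit.com": r".*\.metasploit\.com.*",
}

# Anchored alternatives (suggested here, not from the post): match the apex
# name and any subdomain of it, and nothing else.
ANCHORED_PATTERNS: Dict[str, str] = {
    "facebook.com": r"(^|\.)facebook\.com$",
    "metasploit.com": r"(^|\.)metasploit\.com$",
}

# Constructed sample of DNS question names used to exercise the patterns.
SAMPLE_QUERIES = [
    "www.facebook.com",
    "facebook.com",                   # apex name with no subdomain label
    "www.metasploit.com",
    "www.facebook.com.example.net",   # unrelated zone that merely contains the string
    "myfacebook.com",                 # different registered domain
    "www.example.com",
]


def matches_blocklist(qname: str, patterns: Dict[str, str]) -> Optional[str]:
    """Return the label of the first pattern matching qname, or None.

    The ASA evaluates the regex against the whole domain name in the query;
    re.search reproduces the unanchored ".*...*" style used in the post.
    """
    name = qname.rstrip(".").lower()
    for label, pattern in patterns.items():
        if re.search(pattern, name):
            return label
    return None


def evaluate(patterns: Dict[str, str], queries=SAMPLE_QUERIES) -> Dict[str, Optional[str]]:
    """Map each sample query name to the pattern that would drop it (or None)."""
    return {q: matches_blocklist(q, patterns) for q in queries}


def print_report() -> None:
    """Side-by-side view of what the two pattern sets catch."""
    page = evaluate(PAGE_PATTERNS)
    anchored = evaluate(ANCHORED_PATTERNS)
    print(f"{'query name':34} {'post patterns':16} {'anchored patterns':16}")
    for q in SAMPLE_QUERIES:
        print(f"{q:34} {str(page[q]):16} {str(anchored[q]):16}")


if __name__ == "__main__":
    print_report()
```

Running the report shows the two gaps in the post's patterns: the bare name facebook.com is not dropped (no leading label, so the required "\." never matches), while www.facebook.com.example.net is dropped even though it belongs to a different zone. The anchored variants close both gaps; on an ASA they would replace the string in the regex command, with the rest of the class-map and policy-map left unchanged.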
