Apr 14, 2011

DNS Filtering

If you don't have a web filtering system, you can prevent users from accessing some web sites using HTTP inspection on ASA/PIX. However, it won't work whether they use HTTPS. So what?

You can use DNS inspection to block queries:


regex facebook.com ".*\.facebook\.com.*"
regex metasploit.com ".*\.metasploit\.com.*"
!
class-map type regex match-any domain_black_list
 match regex facebook.com
 match regex metasploit.com
!
policy-map type inspect dns preset_dns_map
 match domain-name regex class domain_black_list
  drop-connection log
!
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map

It's not the best solution for web filtering, but might be a good workaround.


asa(config)# end
asa# wr mem
Posted by at 11:01 AM
Categories: ,

1 comment:

  1. wadewillsonFebruary 6, 2019 at 12:55 PM

    thanks for this information..! There is more information about DNS Filtering here

    ReplyDelete

Subscribe to: Post Comments (Atom)