MPF Task: Solution!

Solution:

The solution comes down to the fact that this doesn't work with the regexps:


class-map type inspect http match-all class-FIND-BANNED-URLS
 match request uri regex class class-map-JIMMYS-BANNED-SITES
!

The uri is the part of the URL after the hostname: the directory path and filename on the web server. Matching on uri in “http://www.facebook.com/jimmy.larsson” therefore lets you match substrings within the “/jimmy.larsson” part, but not within the “http://www.facebook.com” part.

By instead matching on the request header host string I get the desired result:


class-map type inspect http match-all class-FIND-BANNED-URLS
 match request header host regex class class-map-JIMMYS-BANNED-SITES

Verification:

When trying to access Facebook (after making sure that the clock is not in my 5 min per hour grace period 😉 ) I get this in the log:


%ASA-5-415008: HTTP - matched Class 29: class-FIND-BANNED-URLS in policy-map policy-INSPECT-HTTP, header matched - Resetting connection from inside:192.168.1.50/51194 to outside: 69.63.181.15/80

Caveat:

Since I match on host-name I cannot do stuff like this:


regex googlereader ".*google.com/reader*"

This will work:


regex googlereader ".*google.com*"

However, it will prevent me from using any Google service during my studies. (Which might be a good thing. 🙂 ) Anyway, how do I prevent access to Google Reader at google.com/reader without killing my Google-searching abilities? Like this:


regex reader ".*reader/.*"
regex google ".*.google..*"
!
class-map type inspect http match-all GOOGLEREADER
 match request header host regex google
 match request uri regex reader
!
policy-map type inspect http policy-INSPECT-HTTP
 parameters
 class class-FIND-BANNED-URLS
  reset log
 class GOOGLEREADER
  reset log
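
The following Python example is added here and is not part of the original post: it models which field of an HTTP request each class-map above inspects, and how match-all combines the host and uri conditions. Assumptions: Python's re module stands in for the ASA regex engine, the facebook pattern is a constructed stand-in for the contents of class-map-JIMMYS-BANNED-SITES (not shown on the page), and the names BANNED-BY-URI and BANNED-BY-HOST and all sample requests are constructed.

```python
import re

# "reader" and "google" are copied from the post; "facebook" is a constructed
# stand-in for the unshown class-map-JIMMYS-BANNED-SITES contents.
# Assumption: Python's re behaves like the ASA regex engine for these patterns.
REGEX = {
    "facebook": r".*facebook.*",
    "reader": r".*reader/.*",
    "google": r".*.google..*",
}

# Each class-map is a match-all list of (request field, regex name).
CLASS_MAPS = {
    "BANNED-BY-URI": [("uri", "facebook")],    # first attempt: match request uri
    "BANNED-BY-HOST": [("host", "facebook")],  # fix: match request header host
    "GOOGLEREADER": [("host", "google"), ("uri", "reader")],
}


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request head into the fields the class-maps inspect."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "host": headers.get("host", "")}


def matched_classes(raw: bytes) -> list:
    """Return the class-maps whose every match line hits (match-all semantics)."""
    fields = parse_request(raw)
    return [name for name, conditions in CLASS_MAPS.items()
            if all(re.search(REGEX[rx], fields[fld]) for fld, rx in conditions)]


# Constructed sample requests, in the form a browser sends to an origin server.
FACEBOOK = b"GET /jimmy.larsson HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n"
READER = b"GET /reader/view/ HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
SEARCH = b"GET /search?q=asa+mpf HTTP/1.1\r\nHost: www.google.com\r\n\r\n"
LOOSE = b"GET /feedreader/x HTTP/1.1\r\nHost: notgoogleish.example\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("facebook", FACEBOOK), ("reader", READER),
                       ("search", SEARCH), ("loose", LOOSE)):
        print(label, parse_request(req), "->", matched_classes(req))
```

The last sample request shows that the unescaped dots in the google regex match any character, so the GOOGLEREADER class also fires on an unrelated host whose name merely contains “google” and whose path contains “reader/”.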

Mission accomplished!
