MPF Task: prevent surfing to those sites at these times.

For todays lab-session I gave myself a small task: Configure the internet-ASA to prevent myself from surfing to specific time-consuming websites except from 5 minutes every hour.

The task sounds easy an as soon as I figured out to do MPF with a time-based acl for specifying inspect-traffic it just took me a few minutes to do this:

time-range STUDY-TIME
periodic weekdays 7:00 to 7:55
periodic weekdays 8:00 to 8:55
periodic weekdays 9:00 to 9:55
periodic weekdays 10:00 to 10:55
periodic weekdays 11:00 to 11:55
periodic weekdays 12:00 to 12:55
periodic weekdays 13:00 to 13:55
periodic weekdays 14:00 to 14:55
periodic weekdays 15:00 to 15:55
access-list acl-MAKE-JIMMY-WORK extended permit tcp any any eq www time-range STUDY-TIME
class-map class-NOSURF
match access-list acl-MAKE-JIMMY-WORK
regex gmail ".**"
regex googlereader ".**"
regex twitter ".**"
regex facebook ".**"
class-map type regex match-any class-map-JIMMYS-BANNED-SITES
match regex gmail
match regex googlereader
match regex twitter
match regex facebook
class-map type inspect http match-all class-FIND-BANNED-URLS
match request uri regex class class-map-JIMMYS-BANNED-SITES
policy-map type inspect http policy-INSPECT-HTTP
class class-FIND-BANNED-URLS
reset log
policy-map policy-inside
class class-NOSURF
inspect http policy-INSPECT-HTTP
service-policy policy-inside interface inside

However, it didn´t work. I was still able to get to facebook. I verified that there were hitcounts in the access-list and there was. I verified that the time-range was active, and it was. Still, no reset of traffic.

What have I done wrong? Feel free to try to spot the error and write a comment below…

Solution here!

Posted in Cisco Security


[mc4wp_form id="2457"]
Website Security Test