MPF Task: prevent surfing to those sites at these times.

For today's lab session I gave myself a small task: configure the Internet-facing ASA to prevent myself from surfing to specific time-consuming websites, except for 5 minutes every hour.

The task sounds easy, and as soon as I had figured out how to do MPF with a time-based ACL for specifying the traffic to inspect, it only took me a few minutes to come up with this:

time-range STUDY-TIME
 periodic weekdays 7:00 to 7:55
 periodic weekdays 8:00 to 8:55
 periodic weekdays 9:00 to 9:55
 periodic weekdays 10:00 to 10:55
 periodic weekdays 11:00 to 11:55
 periodic weekdays 12:00 to 12:55
 periodic weekdays 13:00 to 13:55
 periodic weekdays 14:00 to 14:55
 periodic weekdays 15:00 to 15:55
!
access-list acl-MAKE-JIMMY-WORK extended permit tcp any any eq www time-range STUDY-TIME
!
class-map class-NOSURF
 match access-list acl-MAKE-JIMMY-WORK
!
regex gmail ".*mail.google.com*"
regex googlereader ".*google.com/reader*"
regex twitter ".*.twitter.com*"
regex facebook ".*.facebook.com*"
!
class-map type regex match-any class-map-JIMMYS-BANNED-SITES
 match regex gmail
 match regex googlereader
 match regex twitter
 match regex facebook
!
class-map type inspect http match-all class-FIND-BANNED-URLS
 match request uri regex class class-map-JIMMYS-BANNED-SITES
!
policy-map type inspect http policy-INSPECT-HTTP
 parameters
 class class-FIND-BANNED-URLS
  reset log
!
policy-map policy-inside
 class class-NOSURF
  inspect http policy-INSPECT-HTTP
!
service-policy policy-inside interface inside

However, it didn't work. I was still able to get to Facebook. I verified that there were hit counts in the access-list, and there were. I verified that the time-range was active, and it was. Still, no reset of the traffic.

What have I done wrong? Feel free to try to spot the error and write a comment below…
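Before reading the solution, it helps to see exactly what an HTTP inspect class-map gets to look at. The following is an added Python check, not part of the original post, that parses a constructed, non-proxied browser request and runs the four regexes from the configuration above against the two fields such a class-map can match on (the request URI and the Host header). Python's re is used as an approximation of the ASA regex engine for these simple patterns; the sample request is constructed here.

```python
import re

# The four ASA regex strings exactly as they appear in the configuration.
BANNED_SITE_REGEXES = {
    "gmail": r".*mail.google.com*",
    "googlereader": r".*google.com/reader*",
    "twitter": r".*.twitter.com*",
    "facebook": r".*.facebook.com*",
}

# Constructed sample: what a browser sends when it is NOT going through a proxy.
# The hostname lives in the Host header, not in the request line.
SAMPLE_REQUEST = (
    "GET /home.php?ref=logo HTTP/1.1\r\n"
    "Host: www.facebook.com\r\n"
    "User-Agent: constructed-sample/1.0\r\n"
    "\r\n"
)


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into the fields an inspect class-map can test."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, uri, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "version": version, "headers": headers}


def matching_regexes(field_value: str) -> list:
    """Emulate 'class-map type regex match-any': names whose regex hits the field."""
    return [name for name, pat in BANNED_SITE_REGEXES.items() if re.search(pat, field_value)]


def evaluate(raw: str) -> dict:
    """Report which regexes hit the request URI and which hit the Host header."""
    req = parse_request(raw)
    return {
        "uri": matching_regexes(req["uri"]),
        "host": matching_regexes(req["headers"].get("host", "")),
    }


if __name__ == "__main__":
    print(evaluate(SAMPLE_REQUEST))
```

Running it also shows a side effect of the unescaped leading `.` in the twitter and facebook patterns: a bare `twitter.com` Host does not match, while `www.twitter.com` does.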

Solution here!

Posted in Cisco Security
