Block domains on a Cisco ASA
A Cisco ASA can block web sites by name with its HTTP inspection engine: the policy below matches the Host header of HTTP requests on TCP 80 and 8080 arriving on the inside interface against a list of regexes and resets (and logs) any connection whose host name matches. The match is made on the HTTP Host header, not on DNS, so be aware of the gaps: a request to the IP address itself (e.g. http://80.80.80.80) is not matched and still gets through until you deny that address in an access-list; HTTPS on port 443 is neither selected by the access-list nor readable by the HTTP inspector, so it passes untouched; and a pattern such as \.facebook\.com matches www.facebook.com but not the bare name facebook.com (the last example on this page shows a broader pattern). The parameters section also drops connections that violate the HTTP protocol, and HTTP CONNECT requests are dropped so a client cannot tunnel through a proxy on those ports.
regex domainlist1 "\.dating\.dk"
regex domainlist2 "\.facebook\.dk"
regex domainlist3 "\.facebook\.com"
!
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
!
class-map type regex match-any DomainBlockList
 match regex domainlist1
 match regex domainlist2
 match regex domainlist3
!
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
class-map inspection_default
 match default-inspection-traffic
class-map httptraffic
 match access-list inside_mpc
!
policy-map type inspect http http_inspection_policy
 parameters
  protocol-violation action drop-connection
 match request method connect
  drop-connection log
 class BlockDomainsClass
  reset log
!
policy-map inside-policy
 class httptraffic
  inspect http http_inspection_policy
!
service-policy inside-policy interface inside
To block every host name that contains the word "facebook" (for example myfacebook.com), use an unanchored pattern instead of the dotted one:
regex domainlist1 ".*facebook.*"
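Before pushing a block list like this to a firewall it is worth checking which Host headers the regexes actually catch. The script below is an added example and not part of the original page or of any Cisco tooling: it takes the regexes exactly as written above, applies them as unanchored searches to a set of constructed Host headers (the ASA matches its regexes unanchored against the header value; Python's re.search is used here as an approximation of the ASA regex engine, which is an assumption), and emulates the rest of the policy, namely that only TCP 80 and 8080 are inspected and that a match results in a reset. The sample requests are made up for illustration and show the three gaps described above: the bare domain, the IP literal and HTTPS.

```python
import re

# Regexes from the ASA configuration above, exactly as written. The ASA matches
# them as unanchored searches against the HTTP Host request header; Python's
# re.search() approximates that (assumption: both engines agree on this simple
# syntax; ASA regex is not Python re).
BLOCK_LIST = {
    "domainlist1": r"\.dating\.dk",
    "domainlist2": r"\.facebook\.dk",
    "domainlist3": r"\.facebook\.com",
}

# The "block everything containing facebook" variant from the end of the page.
BROAD_LIST = {"domainlist1": r".*facebook.*"}

# Ports selected by the inside_mpc access-list (www = 80, plus 8080).
INSPECTED_PORTS = (80, 8080)


def matching_regex(host_header, block_list):
    """Return the name of the first regex that matches the Host header, or None."""
    for name, pattern in block_list.items():
        if re.search(pattern, host_header):
            return name
    return None


def classify_request(host_header, block_list, dst_port=80):
    """Emulate the policy: only HTTP on 80/8080 reaches the inspector; a Host
    header matching BlockDomainsClass gets 'reset', anything else is permitted."""
    if dst_port not in INSPECTED_PORTS:
        return "not-inspected"  # e.g. HTTPS on 443: the Host header is never seen
    return "reset" if matching_regex(host_header, block_list) else "permit"


# Constructed Host headers for illustration (not taken from the page).
SAMPLE_REQUESTS = [
    ("www.facebook.com", 80),
    ("m.facebook.com:8080", 8080),   # Host header carries the non-default port
    ("facebook.com", 80),            # bare name: no leading dot, \.facebook\.com misses
    ("www.dating.dk", 80),
    ("dating.dk", 80),               # bare name again, also missed
    ("80.80.80.80", 80),             # IP literal: no regex matches; needs an ACL deny
    ("www.facebook.com", 443),       # HTTPS: never selected by inside_mpc
    ("myfacebook.com", 80),          # only the broad pattern catches this
]


def run_policy(block_list=BLOCK_LIST):
    """Evaluate every sample request; keys are (host, port), values the verdict."""
    return {(h, p): classify_request(h, block_list, p) for h, p in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for label, lst in (("strict list", BLOCK_LIST), ("broad list", BROAD_LIST)):
        print(label)
        for (host, port), verdict in run_policy(lst).items():
            print(f"  {host:22} :{port:<5} {verdict}")
```

Run it and compare the two tables: the strict list resets www.facebook.com and www.dating.dk but lets facebook.com, dating.dk and the IP literal through, and nothing on 443 is ever inspected; the broad list catches facebook.com and myfacebook.com but, because it only contains the facebook pattern, no longer blocks dating.dk at all.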