MPF blocking works, but windowsupdate and some other sites are down or unstable


I have a ASA with the configuration below to block 3 domains. This blocking works fine, and for some time I thought everything was great.

But then I realized that some websites was down or unstable ex: windows update. If I disable the configuration with: no service-policy inside-policy interface inside

Everything comes back to life... am I doing something wrong?


regex domainlist1 "\\.dating\\.dk" regex domainlist2 "\\.facebook\\.dk" regex domainlist3 "\\.facebook\\.com"

access-list inside_mpc extended permit tcp any any eq www access-list inside_mpc extended permit tcp any any eq 8080

class-map type regex match-any DomainBlockList match regex domainlist1 match regex domainlist2 match regex domainlist3

class-map type inspect http match-all BlockDomainsClass match request header host regex class DomainBlockList class-map inspection_default match default-inspection-traffic class-map httptraffic match access-list inside_mpc ! policy-map type inspect http http_inspection_policy parameters protocol-violation action drop-connection match request method connect drop-connection log class BlockDomainsClass reset log

policy-map inside-policy class httptraffic inspect http http_inspection_policy! service-policy inside-policy interface inside

Reply to
Loading thread data ...

You might want to check the logs to see if stuff is being dropped due to protocol violations. Your config looks fine to me, doing a similar thing with a few customers to block Facebook, youtube, etc. Haven't had complaints about Windows Update not working as yet. The only downside is that this doesn't work with HTTPS. Bear in mind that your users could just put or on the end of those URLs to access them; you could easily modify the regexps to match this. Also "\\.facebook\\..*" could replace regexps 2 and 3.

Reply to


When MPF turned on I can not access

formatting link
(ip: (the Danish public tv station) If I remove MPF it comes back to life.

I have compared the diffecences in the syslog. Entering WITH MPF see:

formatting link
Entering Without MPF see:
formatting link
In the syslog (with MPF) I can se a lot of ?critical? issues (Inbound TCP connection denied from?).

Can something about this?

Reply to
M Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.