Overview & Background

This blog is focused on the Cisco ASA 5500 Series Security Appliance. I have been working with Cisco products since their routers had IOS 11.0. The intention of this blog is to share technical information, tutorials, tips and configuration examples in a simple "how to" manner.

The Cisco ASA is the descendant of the older Cisco PIX series firewall which became part of Cisco's portfolio when they acquired Network Translation in 1995. In 2005, Cisco introduced the ASA which combined functionality of the PIX, VPN Concentrator, and IPS Product lines. Through PIX OS release 7.x (codenamed finesse) the PIX and the ASA used the same software images. Beginning with PIX OS version 8.x, the operating system code diverges, with the ASA using a Linux kernel.


Friday, February 19, 2010

Using the ASA to filter URLs


! ACLs identify the protocol and port of the packets your filter will be checking
! This example is to block domains so www and https packets will be checked
! Note: on port 443 the Host header is carried inside TLS, so the HTTP inspection
! engine cannot read it; only plaintext (www) requests can be matched by the regex
!
access-list BLOCK_HTTPDOMAINS remark Defines packets to be checked in filter
access-list BLOCK_HTTPDOMAINS extended permit tcp any any eq www
access-list BLOCK_HTTPDOMAINS extended permit tcp any any eq https
!
! Individual named regex entries will define each separate domain to be filtered
!
regex DOMAIN01 "\.facebook\.com"
regex DOMAIN02 "\.myspace\.com"
regex DOMAIN03 "\.twitter\.com"
!
! Assign the ACL packet definition to a class map
!
class-map BLOCKHTTP_CLASS
  match access-list BLOCK_HTTPDOMAINS
!
! Define a class map to contain regex entries, with match any
!
class-map type regex match-any DOMAINBLOCK_LIST
  match regex DOMAIN01
  match regex DOMAIN02
  match regex DOMAIN03
!
! An inspect-type class map that references the nested regex class map
!
class-map type inspect http match-all DOMAINBLOCK_CLASS
  match request header host regex class DOMAINBLOCK_LIST
!
policy-map type inspect http HTTP_INSPECT_POLICY
  ! Drop HTTP CONNECT requests so the filter is not sidestepped by proxy tunnelling
  match request method connect
    drop-connection log
  class DOMAINBLOCK_CLASS
    reset log
!
! Nested policy maps
!
policy-map INSIDE_POLICY
  class BLOCKHTTP_CLASS
    inspect http HTTP_INSPECT_POLICY
!
! Apply to either the global policy or a specific inside policy (this example)
!
service-policy INSIDE_POLICY interface INSIDE
!
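The regex entries above are applied as an unanchored search against the Host header value, so it is worth checking exactly which hosts a pattern catches before rolling it out. The following Python script is an added example, not part of the blog post or any Cisco code: it evaluates the post's patterns against a few constructed Host values, shows that "\.facebook\.com" requires a leading dot and therefore does not match the bare apex "facebook.com", builds an alternative pattern "(^|\.)domain" that uses only metacharacters the ASA regex syntax supports, and renders the matching regex and class-map lines. It assumes Python's re engine behaves like the ASA's for this small subset ('.', '\', '^', '|' and grouping); the ASA should still be verified with its own "test regex" command.

```python
import re

# Constructed sample Host header values (not taken from the post) used to
# exercise the patterns. The last ones are deliberately near-misses.
SAMPLE_HOSTS = [
    "www.facebook.com",
    "m.facebook.com",
    "facebook.com",                   # bare apex: no leading dot
    "www.facebook.com.example.net",   # unrelated name that embeds the string
    "notfacebook.com",
    "www.example.com",
]

# The three patterns exactly as written in the post's configuration.
ORIGINAL_PATTERNS = {
    "DOMAIN01": r"\.facebook\.com",
    "DOMAIN02": r"\.myspace\.com",
    "DOMAIN03": r"\.twitter\.com",
}


def host_matches(pattern: str, host: str) -> bool:
    """Unanchored search over the header value, which is how the ASA applies
    a regex to a Host header. Assumption: Python's re engine stands in for
    the ASA engine for the metacharacters used here."""
    return re.search(pattern, host) is not None


def filtered_hosts(pattern: str, hosts) -> list:
    """Return the subset of hosts that the pattern would send to 'reset log'."""
    return [h for h in hosts if host_matches(pattern, h)]


def asa_host_regex(domain: str) -> str:
    """Build a pattern that matches the domain itself or any of its subdomains.

    '(^|\\.)' requires the name to begin at the start of the Host value or
    right after a dot, so the bare apex is caught and 'notfacebook.com' is not.
    Only '.' needs escaping in a hostname; '^', '|', '(', ')' and '\\' are all
    part of the ASA regex metacharacter set. The pattern stays open at the end,
    so a name that merely begins with the domain still matches (over-blocking,
    not a bypass)."""
    return r"(^|\.)" + domain.replace(".", r"\.")


def render_asa_block(domains, list_name: str = "DOMAINBLOCK_LIST") -> str:
    """Emit regex entries and the match-any regex class map in the post's layout."""
    lines = []
    for i, domain in enumerate(domains, 1):
        lines.append(f'regex DOMAIN{i:02d} "{asa_host_regex(domain)}"')
    lines.append(f"class-map type regex match-any {list_name}")
    for i in range(1, len(domains) + 1):
        lines.append(f"  match regex DOMAIN{i:02d}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("Post's pattern", ORIGINAL_PATTERNS["DOMAIN01"], "matches:",
          filtered_hosts(ORIGINAL_PATTERNS["DOMAIN01"], SAMPLE_HOSTS))
    fixed = asa_host_regex("facebook.com")
    print("Pattern", fixed, "matches:", filtered_hosts(fixed, SAMPLE_HOSTS))
    print(render_asa_block(["facebook.com", "myspace.com", "twitter.com"]))
```

Running the script shows the post's pattern passing "facebook.com" untouched while the "(^|\.)" form catches it; both forms also match "www.facebook.com.example.net", which is the unanchored-end trade-off noted in the comments.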
