Wednesday, May 25, 2011

Match Reg Exp

regex domainlist1 "\.yahoo\.com"
regex domainlist2 "\.metacafe\.com"
regex domainlist3 "\.youtube\.com"
regex domainlist4 "\.facebook\.com"

class-map type regex match-any DomainLogList
  match regex domainlist4
class-map type regex match-any DomainBlockList
  match regex domainlist1
  match regex domainlist2
  match regex domainlist3
class-map type inspect http match-all CLASS-BLOCK
  match request header host regex class DomainBlockList
class-map type inspect http match-all CLASS-LOG
  match request header host regex class DomainLogList

policy-map type inspect http http_inspection_policy
 parameters
 class CLASS-BLOCK
   reset log
 class CLASS-LOG
   log


A typical HTTP message consists of:

Request line, like GET /some/resource/on/the/server.txt
Headers; there is one mandatory field (as per HTTP 1.1), Host, like www.cisco.com
Optional message body

The GET request line points to a specific resource on the server, which is usually represented by a URI.
If you want to match text included in the request line, use the "match request uri" command; if you want to match the host, use "match request header host".

If, for example, Cisco wants you to block www.cisco.com/univercd/home/home.htm, you should use both commands in one class-map, like:

regex regex-domain "www\.cisco\.com"
regex regex-uri "/univercd/home/home\.htm"

class-map type regex match-all CLASS-URI
 match regex regex-uri
class-map type regex match-all CLASS-DOMAIN
 match regex regex-domain

! match-all: the Host header AND the request URI must both match
class-map type inspect http match-all CLASS-BLOCK-1
 match request header host regex class CLASS-DOMAIN
 match request uri regex class CLASS-URI



5.1.2 Request-URI http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html


The Request-URI is a Uniform Resource Identifier (section 3.2) and identifies the resource upon which to apply the request.

Request-URI = "*" | absoluteURI | abs_path | authority

The four options for Request-URI are dependent on the nature of the request. The asterisk "*" means that the request does not apply to a particular resource, but to the server itself, and is only allowed when the method used does not necessarily apply to a resource. One example would be

OPTIONS * HTTP/1.1

The absoluteURI form is REQUIRED when the request is being made to a proxy. The proxy is requested to forward the request or service it from a valid cache, and return the response. Note that the proxy MAY forward the request on to another proxy or directly to the server specified by the absoluteURI.
In order to avoid request loops, a proxy MUST be able to recognize all of its server names, including any aliases, local variations, and the numeric IP address. An example Request-Line would be:

GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1

To allow for transition to absoluteURIs in all requests in future versions of HTTP, all HTTP/1.1 servers MUST accept the absoluteURI form in requests, even though HTTP/1.1 clients will only generate them in requests to proxies.

The authority form is only used by the CONNECT method (section 9.9).

The most common form of Request-URI is that used to identify a resource on an origin server or gateway. In this case the absolute path of the URI MUST be transmitted (see section 3.2.1, abs_path) as the Request-URI, and the network location of the URI (authority) MUST be transmitted in a Host header field. For example, a client wishing to retrieve the resource above directly from the origin server would create a TCP connection to port 80 of the host "www.w3.org" and send the lines:



GET /pub/WWW/TheProject.html HTTP/1.1
Host: www.w3.org

followed by the remainder of the Request. Note that the absolute path cannot be empty; if none is present in the original URI, it MUST be given as "/" (the server root).
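
To check how the regexes above classify a request before deploying them, the following added example (not part of the original post and not ASA code) models the two policies in Python. It assumes unanchored, substring-style regex matching, merges both of the page's examples into one evaluator, and uses constructed sample requests in both origin-form and absolute-form.

```python
import re

# Patterns copied from the page's configuration.
BLOCK_HOSTS = [r"\.yahoo\.com", r"\.metacafe\.com", r"\.youtube\.com"]
LOG_HOSTS = [r"\.facebook\.com"]
HOST_AND_URI = (r"www\.cisco\.com", r"/univercd/home/home\.htm")

def parse_request(raw):
    """Return (request_uri, host) from a raw HTTP/1.1 request head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, request_uri, _version = lines[0].split(" ", 2)
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
            break
    return request_uri, host

def classify(raw):
    """Return 'reset', 'log' or 'permit' for one request (simplified model)."""
    uri, host = parse_request(raw)
    # match-any regex class: one pattern found in the Host header is enough.
    if any(re.search(p, host) for p in BLOCK_HOSTS):
        return "reset"
    # match-all inspect class: Host AND Request-URI must both match.
    if re.search(HOST_AND_URI[0], host) and re.search(HOST_AND_URI[1], uri):
        return "reset"
    if any(re.search(p, host) for p in LOG_HOSTS):
        return "log"
    return "permit"

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "origin-form, blocked page": "GET /univercd/home/home.htm HTTP/1.1\r\nHost: www.cisco.com\r\n\r\n",
    "absolute-form via proxy": "GET http://www.cisco.com/univercd/home/home.htm HTTP/1.1\r\nHost: www.cisco.com\r\n\r\n",
    "same host, other page": "GET /index.html HTTP/1.1\r\nHost: www.cisco.com\r\n\r\n",
    "block-list host": "GET / HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n",
    "log-list host": "GET / HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n",
    # Coverage check: "\.yahoo\.com" needs a label before the dot.
    "bare domain": "GET / HTTP/1.1\r\nHost: yahoo.com\r\n\r\n",
}

def run():
    return {name: classify(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{verdict:7} {name}")
```

The "bare domain" sample comes back as permit because each block-list pattern starts with a literal dot, so a policy meant to cover the whole domain needs a pattern that also matches the host without a subdomain label.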
