MPF provides a consistent and flexible way to configure security appliance features. For example, you can use MPF to create a timeout configuration that is specific to a particular TCP application, as opposed to one that applies to all TCP applications.
MPF supports these features:
TCP normalization, TCP and UDP connection limits and timeouts, and TCP sequence number randomization
QoS input policing
QoS output policing
QoS priority queue
The configuration of the MPF consists of four tasks:
Identify the Layer 3 and 4 traffic to which you want to apply actions.
(Application inspection only) Define special actions for application inspection traffic.
Apply actions to the Layer 3 and 4 traffic.
Activate the actions on an interface.
Remember, we just want to block facebook and youtube. You can get very granular in what you want to block, but for this example, we will just do the two websites. Topology will look like this:
Here is how we configure:
Define the Regex for the domain you wish to block:
regex blockex1 "facebook\.com"
regex blockex2 "youtube\.com"
Create a class map statement that matches your regex
class-map type inspect http match-any block-url-class
match request header host regex blockex1
match request header host regex blockex2
Create a broader policy map to include HTTP traffic and specify the previous class map
policy-map type inspect http block-url-policy
Apply inspect to your default policy:
inspect http block-url-policy
Apply your policy:
service-policy global_policy global
Now, if you go to facebook.com or youtube.com, you will not get anything in the browser. It basically just looks like nothing ever resolved in DNS. However, one little odd thing does happen that Ive noticed. If the user has the website up in their browser, and then you apply this config, they will still be able to get to it until they close their browser out. Im not sure why at the moment why that happens, but I do know for sure if they close the browser out and reopen, then they wont be able to get to the websites you listed. Very strange behavior, but something you can easily overcome with a reboot of all systems if needed.