MPF Task: prevent surfing to those sites at these times.

For todays lab-session I gave myself a small task: Configure the internet-ASA to prevent myself from surfing to specific time-consuming websites except from 5 minutes every hour.

The task sounds easy an as soon as I figured out to do MPF with a time-based acl for specifying inspect-traffic it just took me a few minutes to do this:


time-range STUDY-TIME
periodic weekdays 7:00 to 7:55
periodic weekdays 8:00 to 8:55
periodic weekdays 9:00 to 9:55
periodic weekdays 10:00 to 10:55
periodic weekdays 11:00 to 11:55
periodic weekdays 12:00 to 12:55
periodic weekdays 13:00 to 13:55
periodic weekdays 14:00 to 14:55
periodic weekdays 15:00 to 15:55
!
access-list acl-MAKE-JIMMY-WORK extended permit tcp any any eq www time-range STUDY-TIME
!
class-map class-NOSURF
match access-list acl-MAKE-JIMMY-WORK
!
regex gmail ".*mail\.google\.com*"
regex googlereader ".*google\.com\/reader*"
regex twitter ".*\.twitter\.com*"
regex facebook ".*\.facebook\.com*"
!
class-map type regex match-any class-map-JIMMYS-BANNED-SITES
match regex gmail
match regex googlereader
match regex twitter
match regex facebook
!
class-map type inspect http match-all class-FIND-BANNED-URLS
match request uri regex class class-map-JIMMYS-BANNED-SITES
!
policy-map type inspect http policy-INSPECT-HTTP
parameters
class class-FIND-BANNED-URLS
reset log
!
policy-map policy-inside
class class-NOSURF
inspect http policy-INSPECT-HTTP
!
service-policy policy-inside interface inside


However, it didn´t work. I was still able to get to facebook. I verified that there were hitcounts in the access-list and there was. I verified that the time-range was active, and it was. Still, no reset of traffic.

What have I done wrong? Feel free to try to spot the error and write a comment below…

Solution here!