https://community.cisco.com/t5/other-security-subjects/secure-http-only-on-outside-interface/m-p/456575#M81161 <HTML><HEAD></HEAD><BODY><P>access-list inside_out permit tcp host 192.168.1.30 any eq https</P><P>access-list inside_out permit tcp host 192.168.1.60 any eq https</P><P>access-list inside_out deny ip any any</P><P>access-group inside_out in interface inside</P></BODY></HTML> Wed, 26 Oct 2005 17:58:06 GMT pwicks 2005-10-26T17:58:06Z https://community.cisco.com/t5/other-security-subjects/secure-http-only-on-outside-interface/m-p/456574#M81160 <P>Hello,</P><P></P><P>can anyone help me with this?</P><P>i have 1 192.168.1.0 that only needs access to external http/s browsing in two machines 192.168.1.30 and 60.</P><P>whats the most secure configuration that i can make to allow only http?</P><P>thanks</P> Sat, 09 Mar 2019 20:50:25 GMT https://community.cisco.com/t5/other-security-subjects/secure-http-only-on-outside-interface/m-p/456574#M81160 joaquimlopes 2019-03-09T20:50:25Z https://community.cisco.com/t5/other-security-subjects/secure-http-only-on-outside-interface/m-p/456575#M81161 <HTML><HEAD></HEAD><BODY><P>access-list inside_out permit tcp host 192.168.1.30 any eq https</P><P>access-list inside_out permit tcp host 192.168.1.60 any eq https</P><P>access-list inside_out deny ip any any</P><P>access-group inside_out in interface inside</P></BODY></HTML> Wed, 26 Oct 2005 17:58:06 GMT https://community.cisco.com/t5/other-security-subjects/secure-http-only-on-outside-interface/m-p/456575#M81161 pwicks 2005-10-26T17:58:06Z https://community.cisco.com/t5/other-security-subjects/secure-http-only-on-outside-interface/m-p/456576#M81162 <HTML><HEAD></HEAD><BODY><P>access-list outbound permit tcp host 192.168.1.30 any eq https</P><P>access-list outbound permit tcp host 192.168.1.60 any eq https</P><P>access-list outbound permit udp any any eq domain</P><P>access-group outbound in interface inside</P><P></P><P>the last entry "permit udp any any eq domain" is required as you need to do dns for internet browsing. further by default there is an implicit</P><P>deny all at the end of every acl (i.e. optional). you would only apply this entry for troubleshooting/monitoring purposes.</P></BODY></HTML> Wed, 26 Oct 2005 22:55:25 GMT https://community.cisco.com/t5/other-security-subjects/secure-http-only-on-outside-interface/m-p/456576#M81162 jackko 2005-10-26T22:55:25Z