https://community.cisco.com/t5/network-security/rate-limit-http-https-traffic-on-cisco-asa5510-firewall/m-p/2569732#M204348 <P>Hi,</P><P>if you have policy-map applied on the ASA Interface , it will be bidirectional.</P><P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/mpf.html#wp1099596</P><P>Also , the ACL should be like this and then it will work:-</P><P><EM>access-list http_traffic extended permit tcp any &nbsp;eq www any</EM></P><P><EM>access-list http_traffic extended permit tcp any &nbsp;eq https any</EM></P><P>access-list http_traffic extended permit tcp any any eq www</P><P>access-list http_traffic extended permit tcp any any eq https</P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Thu, 13 Nov 2014 06:07:59 GMT Vibhor Amrodia 2014-11-13T06:07:59Z https://community.cisco.com/t5/network-security/rate-limit-http-https-traffic-on-cisco-asa5510-firewall/m-p/2569730#M204346 <P>&nbsp;</P><P>&nbsp;</P><P>We've implemented (or tried to) a rate limiting policy to drop http/https packets that exceed 4meg although it doesn't seem to work or have any impact on internet downloads as users are still able to download files and consume the full amount of bandwidth.</P><P>The ASA config is attached</P><P>The config was roughly based on content from this URL...</P><P>&nbsp;</P><P><A href="https://supportforums.cisco.com/discussion/10985866/traffic-rate-limiting-cisco-asa-5510" target="_blank">https://supportforums.cisco.com/discussion/10985866/traffic-rate-limiting-cisco-asa-5510</A></P><P>I must have missed something?</P> Tue, 12 Mar 2019 05:02:44 GMT https://community.cisco.com/t5/network-security/rate-limit-http-https-traffic-on-cisco-asa5510-firewall/m-p/2569730#M204346 andy_4578 2019-03-12T05:02:44Z https://community.cisco.com/t5/network-security/rate-limit-http-https-traffic-on-cisco-asa5510-firewall/m-p/2569731#M204347 <P>I am using&nbsp;</P><P><EM>ASA Version 8.2(5)46&nbsp;</EM></P><P>and as I know asa policy map works only in output direction</P><P><EM>policy-map qos</EM></P><P><EM>&nbsp;class qos</EM></P><P><EM>&nbsp; </EM><DEL><EM>police input 4000000</EM></DEL></P><P><EM>&nbsp; police output 4000000</EM></P><P>now it works only when you upload data to web servers</P><P>if you want to limit speed when downloading data from web servers so you need to do</P><P><EM>access-list http_traffic extended permit tcp any &nbsp;eq www any</EM></P><P><EM>access-list http_traffic extended permit tcp any &nbsp;eq https any</EM></P><P><EM>service-policy qos interface LAN</EM></P> Mon, 10 Nov 2014 04:10:07 GMT https://community.cisco.com/t5/network-security/rate-limit-http-https-traffic-on-cisco-asa5510-firewall/m-p/2569731#M204347 Tagir Temirgaliyev 2014-11-10T04:10:07Z https://community.cisco.com/t5/network-security/rate-limit-http-https-traffic-on-cisco-asa5510-firewall/m-p/2569732#M204348 <P>Hi,</P><P>if you have policy-map applied on the ASA Interface , it will be bidirectional.</P><P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/mpf.html#wp1099596</P><P>Also , the ACL should be like this and then it will work:-</P><P><EM>access-list http_traffic extended permit tcp any &nbsp;eq www any</EM></P><P><EM>access-list http_traffic extended permit tcp any &nbsp;eq https any</EM></P><P>access-list http_traffic extended permit tcp any any eq www</P><P>access-list http_traffic extended permit tcp any any eq https</P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Thu, 13 Nov 2014 06:07:59 GMT https://community.cisco.com/t5/network-security/rate-limit-http-https-traffic-on-cisco-asa5510-firewall/m-p/2569732#M204348 Vibhor Amrodia 2014-11-13T06:07:59Z