topic Allow HTTP POST in Network Security https://community.cisco.com/t5/network-security/allow-http-post/m-p/1991687#M440767 <HTML><HEAD></HEAD><BODY><P>I think if I change the access-list to deny that would rather work?</P><P></P><P></P><P></P><P>access-list POST_ACL extended deny tcp 10.10.10.0 255.255.248.0 172.16.0.1 eq 80</P><P></P><P></P><P></P><P></P><P>class-map POST_ACL</P><P> match access-list POST_ACL </P><P></P><P></P><P>class-map type inspect http match-all POST_METHOD</P><P> match request method post</P><P></P><P>policy-map type inspect http POST_POLICY_ACTION</P><P> parameters</P><P> class POST_METHOD </P><P>&nbsp; drop-connection </P><P></P><P></P><P></P><P>policy-map POST_TRAFFIC</P><P> class </P><P>&nbsp; inspect http POST_POLICY_ACTION</P></BODY></HTML> Mon, 18 Jun 2012 04:16:12 GMT pratikmehta1 2012-06-18T04:16:12Z Allow HTTP POST https://community.cisco.com/t5/network-security/allow-http-post/m-p/1991686#M440766 <P> I have a cisco asa running 6.3 </P><P></P><P></P><P>&nbsp; I would like to allow HTTP POST method from specific IP range to a specific server.</P><P>all other IP addresses should only be allowed normal HTTP access to webserver.</P><P></P><P>&nbsp;&nbsp; I tried to write up the policy map but getting a bit confused if the below if correct.</P><P></P><P>Please advice. </P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P></P><P>access-list POST_ACL extended permit tcp 10.10.10.0 255.255.248.0 172.16.0.1 eq 80</P><P></P><P>class-map POST_ACL</P><P> match access-list POST_ACL </P><P></P><P></P><P>class-map type inspect http match-all POST_METHOD</P><P> match request method post</P><P></P><P>policy-map type inspect http POST_POLICY_ACTION</P><P> parameters</P><P> class POST_METHOD </P><P>&nbsp; drop-connection </P><P></P><P></P><P></P><P>policy-map POST_TRAFFIC</P><P> class </P><P>&nbsp; inspect http POST_POLICY_ACTION</P> Mon, 11 Mar 2019 23:20:15 GMT https://community.cisco.com/t5/network-security/allow-http-post/m-p/1991686#M440766 pratikmehta1 2019-03-11T23:20:15Z Allow HTTP POST https://community.cisco.com/t5/network-security/allow-http-post/m-p/1991687#M440767 <HTML><HEAD></HEAD><BODY><P>I think if I change the access-list to deny that would rather work?</P><P></P><P></P><P></P><P>access-list POST_ACL extended deny tcp 10.10.10.0 255.255.248.0 172.16.0.1 eq 80</P><P></P><P></P><P></P><P></P><P>class-map POST_ACL</P><P> match access-list POST_ACL </P><P></P><P></P><P>class-map type inspect http match-all POST_METHOD</P><P> match request method post</P><P></P><P>policy-map type inspect http POST_POLICY_ACTION</P><P> parameters</P><P> class POST_METHOD </P><P>&nbsp; drop-connection </P><P></P><P></P><P></P><P>policy-map POST_TRAFFIC</P><P> class </P><P>&nbsp; inspect http POST_POLICY_ACTION</P></BODY></HTML> Mon, 18 Jun 2012 04:16:12 GMT https://community.cisco.com/t5/network-security/allow-http-post/m-p/1991687#M440767 pratikmehta1 2012-06-18T04:16:12Z