https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403402#M760181 <HTML><HEAD></HEAD><BODY><P>Hi Kusankar,</P><P></P><P>No, we do not have CSC.</P><P></P><P>Actually, after I removed the second regular expression and left only login2 (login.aspx), it started working. Now, we can access to the web site at normal time and noone can access to <A href="http://X.X.X.X/login.aspx">http://X.X.X.X/login.aspx</A> . There is one thing though, when people tries to access <A href="http://X.X.X.X/login.aspx">http://X.X.X.X/login.aspx</A> the pc waits for 5-10 minutes before it fails to connect. Is there any way to decrease the time?</P><P></P><P>Thanks</P><P></P><P>Semih</P></BODY></HTML> Wed, 17 Feb 2010 03:16:26 GMT Network Administrator 2010-02-17T03:16:26Z https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403397#M760158 <P>Hi,</P><P></P><P>I have ASA 5510 (8.0.2), ASDM 6.1 and ASA-SSM-10 6.1. We have a web site located at DMZ with a Public IP address. It is accessible from Internet via the public IP address. While keeping web site access enabled, I need to block access to <A href="http://X.X.X.X/Login.aspx" target="_blank">http://X.X.X.X/Login.aspx</A> from Public IP addresses,ie, Internet. We still need to access to this link from inside.</P><P></P><P>1. I tried to create regular expressions with \x.x.x.x AND \X.X.X.\login.aspx</P><P>2. I created a regular expression class and allocated these two expressions to the class.</P><P>3. Then I created an http class map&nbsp; with Criterion "Request URI" and the Value Regular Expression Class that I have created above (2) for http inspection policy.</P><P>4. Then I created an HTTP Inspect map and added inspection for the http class map that I have created(3) with the action "Reset" and log "Enable".</P><P>5.&nbsp; Then I added a new service policy to outside interface.</P><P>6. Match criteria "source and Destination IP..."</P><P>7. Source : Any, Destination : X.X.X.X, service: tcp/http and enabled rule</P><P>8. At Protocol inspection, checked "HTTP" and clicked on Configuration</P><P>9. "Select a HTTP inspect map for the fine control..." and choose the inspection policy created above (3)</P><P></P><P>Unfortunately, aftyer this config change, we were still able to access to <A href="http://X.X.X.X/Login.aspx" target="_blank">http://X.X.X.X/Login.aspx</A> from bopth inside and outside.</P><P></P><P>Thanks in advance for any suggestions...</P><P></P><P>Semih</P> Mon, 11 Mar 2019 17:10:41 GMT https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403397#M760158 Network Administrator 2019-03-11T17:10:41Z https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403398#M760161 <HTML><HEAD></HEAD><BODY><P>check this link out:</P><P><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-1268">https://supportforums.cisco.com/docs/DOC-1268#Block_specific_urls</A></P><P></P><P>Is this what you configured and it does not work?</P><P></P><P>-KS</P></BODY></HTML> Wed, 17 Feb 2010 02:07:39 GMT https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403398#M760161 Kureli Sankar 2010-02-17T02:07:39Z https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403399#M760165 <HTML><HEAD></HEAD><BODY><P>Hi Kusankar,</P><P></P><P>Yes, I followed that link's instructions for "Block spefific uris". But with the following changes:</P><P></P><P>1. I used case insensitive regular expressions to cover login or login.aspx:</P><P></P><P>regex login2 "/[Ll][Oo][Gg][Ii][Nn].[Aa][Ss][Pp][Xx]"<BR />regex login "/[Ll][Oo][Gg][Ii][Nn]"</P><P></P><P>2. I did not apply it to Global policy. Since I wanted to block only incoming requests from outside to our dmz, I applied it to outside interface and outside policy.</P><P></P><P>Now I can not even access to http:/X.X.X.X web site from outside.</P><P></P><P>Thanks</P><P></P><P>Semih</P></BODY></HTML> Wed, 17 Feb 2010 02:21:55 GMT https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403399#M760165 Network Administrator 2010-02-17T02:21:55Z https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403400#M760170 <HTML><HEAD></HEAD><BODY><P>Hi Kusankar,</P><P></P><P>Just an update, it reached to <A href="http://X.X.X.X">http://X.X.X.X</A> but extremely slow. It takes around 5 minutes to load the web site. It also blocks login.aspx. But if I remove the inspection, it loads in 10 seconds.</P><P></P><P>Thanks</P><P></P><P>Semih</P></BODY></HTML> Wed, 17 Feb 2010 02:29:06 GMT https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403400#M760170 Network Administrator 2010-02-17T02:29:06Z https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403401#M760175 <HTML><HEAD></HEAD><BODY><P>Do you also have a CSC module?</P><P>Any errors on the interfaces? sh int | i errors</P><P>adding http inspection required packets to arrive in order on the ASA. If you recieve large amount of out of order packets then this is going to add latency.</P><P></P><P>-KS</P></BODY></HTML> Wed, 17 Feb 2010 02:36:37 GMT https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403401#M760175 Kureli Sankar 2010-02-17T02:36:37Z https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403402#M760181 <HTML><HEAD></HEAD><BODY><P>Hi Kusankar,</P><P></P><P>No, we do not have CSC.</P><P></P><P>Actually, after I removed the second regular expression and left only login2 (login.aspx), it started working. Now, we can access to the web site at normal time and noone can access to <A href="http://X.X.X.X/login.aspx">http://X.X.X.X/login.aspx</A> . There is one thing though, when people tries to access <A href="http://X.X.X.X/login.aspx">http://X.X.X.X/login.aspx</A> the pc waits for 5-10 minutes before it fails to connect. Is there any way to decrease the time?</P><P></P><P>Thanks</P><P></P><P>Semih</P></BODY></HTML> Wed, 17 Feb 2010 03:16:26 GMT https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403402#M760181 Network Administrator 2010-02-17T03:16:26Z https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403403#M760187 <HTML><HEAD></HEAD><BODY><P>You can change the action from "drop-connection" to reset. Then the browser will know right away that he was denied.</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Wed, 17 Feb 2010 16:59:47 GMT https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403403#M760187 Panos Kampanakis 2010-02-17T16:59:47Z https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403404#M760189 <HTML><HEAD></HEAD><BODY><P>Thanks everone for the help.</P><P></P><P>I have already used Kusankar's link for this. But it started working only after I used one parameter rather than 2.</P><P></P><P>For the delay in rejecting the access, I changed the action to reset rather than drop connection as recomended by pkampana; it did not do any changes. Currently, web site is accessible and /login.aspx is blocked. Therefore I will leave it as is for now.</P><P></P><P>Thanks again...</P><P></P><P>Semih</P></BODY></HTML> Thu, 18 Feb 2010 01:11:23 GMT https://community.cisco.com/t5/network-security/how-to-block-http-x-x-x-x-login-aspx-from-being-accessed-by/m-p/1403404#M760189 Network Administrator 2010-02-18T01:11:23Z