https://community.cisco.com/t5/network-security/port-80-query/m-p/3727469#M9388 <P>Can you send config and an extract of the log where you are seeing that port 80 is still being allowed?</P> <P>&nbsp;</P> <P>(try the packet tracer tools in ASDM to see if the packet is allowed/denied or not)</P> Wed, 17 Oct 2018 22:26:10 GMT Dennis Mink 2018-10-17T22:26:10Z https://community.cisco.com/t5/network-security/port-80-query/m-p/3727452#M9385 <P>Hello</P> <P>&nbsp;</P> <P>I blocked port 80 through our Cisco ASA to a particular IP but am still seeing connections being permitted in the logs. The only configuration for the IP is a NAT statement mapping it to an internal IP. Any ideas why?</P> <P>&nbsp;</P> <P>Thanks</P> <P>A</P> Fri, 21 Feb 2020 16:22:17 GMT https://community.cisco.com/t5/network-security/port-80-query/m-p/3727452#M9385 aok 2020-02-21T16:22:17Z https://community.cisco.com/t5/network-security/port-80-query/m-p/3727469#M9388 <P>Can you send config and an extract of the log where you are seeing that port 80 is still being allowed?</P> <P>&nbsp;</P> <P>(try the packet tracer tools in ASDM to see if the packet is allowed/denied or not)</P> Wed, 17 Oct 2018 22:26:10 GMT https://community.cisco.com/t5/network-security/port-80-query/m-p/3727469#M9388 Dennis Mink 2018-10-17T22:26:10Z https://community.cisco.com/t5/network-security/port-80-query/m-p/3727482#M9391 <P>Sorry, figured it out! I have multiple public IP addresses NATted to the same private IP, and there was a rule allowing HTTP to one of the public IP objects, which effectively allowed HTTP to anything destined for the private IP. Once I removed that rule HTTP is blocked.</P> Wed, 17 Oct 2018 23:00:08 GMT https://community.cisco.com/t5/network-security/port-80-query/m-p/3727482#M9391 aok 2018-10-17T23:00:08Z