Allow HTTP POST

pratikmehta1
Level 1

I have a Cisco ASA running 6.3.

I would like to allow the HTTP POST method from a specific IP range to a specific server.

All other IP addresses should only be allowed normal HTTP access to the webserver.

I tried to write up the policy map but am getting a bit confused about whether the below is correct.

Please advise.

access-list POST_ACL extended permit tcp 10.10.10.0 255.255.248.0 172.16.0.1 eq 80

class-map POST_ACL
 match access-list POST_ACL

class-map type inspect http match-all POST_METHOD
 match request method post

policy-map type inspect http POST_POLICY_ACTION
 parameters
 class POST_METHOD
  drop-connection

policy-map POST_TRAFFIC
 class
  inspect http POST_POLICY_ACTION


pratikmehta1
Level 1

I think if I change the access-list to deny that would rather work?

access-list POST_ACL extended deny tcp 10.10.10.0 255.255.248.0 172.16.0.1 eq 80

class-map POST_ACL
 match access-list POST_ACL

class-map type inspect http match-all POST_METHOD
 match request method post

policy-map type inspect http POST_POLICY_ACTION
 parameters
 class POST_METHOD
  drop-connection

policy-map POST_TRAFFIC
 class
  inspect http POST_POLICY_ACTION
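
An added example, not part of either post: one way to lay out the deny-then-permit classification so that only the trusted range is exempt from the POST-dropping inspection. It assumes software with Modular Policy Framework `type inspect http` support and an interface named `outside`; both are assumptions, as is the final `service-policy` line, which the posts do not show.

```cisco
! Added example. Assumptions: interface name "outside"; software that
! supports "policy-map type inspect http".
!
! This ACL is used only for classification, not for filtering.
! In a class-map, a deny entry exempts traffic from the class and a
! permit entry places traffic in the class.
! 10.10.8.0 is the post's 10.10.10.0 with mask 255.255.248.0, written on
! its network boundary.
access-list POST_ACL extended deny tcp 10.10.8.0 255.255.248.0 host 172.16.0.1 eq www
access-list POST_ACL extended permit tcp any host 172.16.0.1 eq www
!
! Layer 3/4 class: all HTTP traffic to the server except the exempt range.
class-map POST_ACL
 match access-list POST_ACL
!
! Layer 7 class: requests whose method is POST.
class-map type inspect http match-all POST_METHOD
 match request method post
!
! Inspection policy: drop (and log) connections that carry a POST.
policy-map type inspect http POST_POLICY_ACTION
 parameters
 class POST_METHOD
  drop-connection log
!
! Apply the HTTP inspection only to traffic in the layer 3/4 class.
policy-map POST_TRAFFIC
 class POST_ACL
  inspect http POST_POLICY_ACTION
!
! Attach the policy to the interface where client traffic arrives.
service-policy POST_TRAFFIC interface outside
```

The interface access list must still permit TCP port 80 to 172.16.0.1 for every client, because the service policy only decides which permitted flows are inspected.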
