cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
411
Views
0
Helpful
3
Replies

ASA5555X with SF module - Can I block just a specific URL path ?

dclee
Level 1
Level 1

We currenlty run our ASA 5555X with the SF module installed. To date we have had no issues with it.

I have a requirement to block a specific inbound URL path to our ACE proxies.

For example

https://www.test.com/api/important

I would like to filter via the SF access control URL feature to allow all internal communication to that but drop all external access from the internet that tries to connect to the /api/important

At the same time I would like to allow all other https://www.test.com/? paths

Is this possible ?

Cheers

3 Replies 3

tbader-87
Level 1
Level 1

You need to have URL license in your subscription

what is the subscription you ordered ?

We do have the URL license, forgot to mention that :)

Jetsy Mathew
Cisco Employee
Cisco Employee

Hello ,

URL block or allow works in two different ways .

Either you can allow or block a URL based on the url cateogaries from the url database downloaded in the device. 

Second way is adding a url manually to block or allow it as per your requirements. The source, destination and zones you can mention based on your requirement. To find the option, navigate to Policies > Access Control > Add Rule > URL > Click on Add to add the url manually and assign the actions.

Rate if this answer helps you.

Regards

Jetsy 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: