cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
351
Views
0
Helpful
1
Replies

Block XFF IP's on Cisco ASA Firewall

pratik_193
Level 1
Level 1

Hey Guys, 

I need to know whether we can block XFF IP's on CIsco ASA 5545x firewall . There are lot of spammers chocking my website who are using proxy servers...

Below are the licenses we have currently

Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 300            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : 2500           perpetual
Other VPN Peers                   : 2500           perpetual
Total VPN Peers                   : 2500           perpetual
Shared License                    : Enabled        perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
IPS Module                        : Disabled       perpetual

 

Thanks in advance..

 

Pratik Doshit

 

1 Reply 1

I'm not aware of any elegant way to do that. You could use the L7-inspection to filter the HTTP-header with a matching Regex. But that has a big performance-impact.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: