
firewall asa 5500 url filter

d401martinez
Level 1

I have an ASA 55000 and have a server in the public DMZ with a service running at http://xxxx.xxxx.xxxx:8080/mmcp/c, but I have a problem because users access http://xxxx.xxxx.xxxx:80808. It is an Apache server. I need to block this so that only the full address is used.

Accepted Solutions

You could try using an ACL that matches on the FQDN of the web server. Something like the following:

name-server <dns server IP-1> <dns server IP-2>

object network WEB-SERVER
  fqdn xxxx.xxxx.xxxx

access-list LAN-to-WEB deny tcp any object WEB-SERVER eq 80808

access-list LAN-to-WEB permit ip any any

access-group LAN-to-WEB in interface inside

If this is not what you are looking for then you can use regex to match on the URL string.  But we can get into that later if we need to.

--

Please remember to select a correct answer and rate helpful posts
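
The regex option mentioned at the end of this answer, sketched as an added example (not part of the original post): ASA HTTP inspection that drops any request on TCP 8080 whose URI does not begin with /mmcp/c. The port and path come from the question; the interface name `outside` and the names ALLOWED-URI, WEB-8080, HTTP-URI-FILTER and OUTSIDE-POLICY are assumptions.

```cisco
! Added example. Assumes clients reach the DMZ server through the
! interface named "outside" and that an ACL already permits TCP 8080
! to the server. All object names below are hypothetical.

! URIs that begin with the application path are allowed.
! Note: this also matches longer paths such as /mmcp/css/...
regex ALLOWED-URI "^/mmcp/c"

! Select the traffic to inspect: the service port from the question.
class-map WEB-8080
 match port tcp eq 8080

! HTTP inspection policy: any request whose URI does NOT match the
! allowed pattern (for example a request for "/") is dropped and logged.
policy-map type inspect http HTTP-URI-FILTER
 parameters
 match not request uri regex ALLOWED-URI
  drop-connection log

! Attach the HTTP inspection to the selected traffic.
policy-map OUTSIDE-POLICY
 class WEB-8080
  inspect http HTTP-URI-FILTER

! Apply the policy to traffic entering the assumed interface.
service-policy OUTSIDE-POLICY interface outside

! Check hit counters after testing both URLs:
!   show service-policy
```

This only works for cleartext HTTP, since the ASA cannot read the URI inside a TLS session. Anything the application loads from outside /mmcp/c (images, scripts) is dropped too, so the pattern may need widening after testing.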


3 Replies

Zach Seils
Level 7
Hi d401martinez,

This forum is for questions regarding the Cisco Application Centric Infrastructure (ACI) solution. I think you'll have a better chance of getting a useful response by posting your question in the Firewalling forum: https://supportforums.cisco.com/community/5966/firewalling

Regards,
Zach

thank you

br

Marcelo

 
