Allow only one URL

kaushal.pawan
Level 1

I have set up port forwarding to an internal LAN with 2 web pages, http://server-ip/url1 and http://server-ip/url2, both on the same port number, for example port 8080,

and I want to allow access to only one URL, i.e. http://server-ip/url, from outside the network.

I have used the class-map:

class-map match-any block
 match not protocol http url *url2*
policy-map block
 class-map block
  drop

and applied it to the outside interface facing the internet connection,

but it blocks both URLs and HTTP access to the server.

Please let me know where the problem is.


Here is an example of how to use nbar to block specific URLs. I use the page www.theonion.com which should be generally allowed, but the section "Politics" should not:

class-map match-all CM-TEST-WEB
 match protocol http url "section/politics/"
 match protocol http host "www.theonion.com"
!
policy-map PM-TEST-WEB
 class CM-TEST-WEB
  drop
!
interface Vlan192
 service-policy input PM-TEST-WEB

 

inet#sh policy-map inter
 Vlan192

  Service-policy input: PM-TEST-WEB

    Class-map: CM-TEST-WEB (match-all)
      143 packets, 82944 bytes
      5 minute offered rate 5000 bps, drop rate 5000 bps
      Match: protocol http url "section/politics/"
      Match: protocol http host "www.theonion.com"
      drop

    Class-map: class-default (match-any)
      20830 packets, 3710602 bytes
      5 minute offered rate 91000 bps, drop rate 0 bps
      Match: any

 

Be aware that the router needs to look inside the HTTP-communication for that. Blocking HTTPS won't work.

And there are other ways to do it better. You could build a DMZ on your router, put a reverse-proxy in there and this one is configured to only forward the right requests to the real server.

kaushal.pawan
Level 1

Dear Karsten Iwen,

Thanks for your reply, but I would like to block one URL of my internal server.

For example, I have placed a web server which contains two URLs, e.g. http://myserver/url1 and http://myserver/url2, on the same port number. If we put the URL on the web, both url1 and url2 will be opened, but I want to block access to http://myserver/url2 (internal server) from the internet, while url1 should be accessible on the internet.

You have to replace the host/url in the example with your values. 
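
Applied to the question above, as an added example that is not part of the thread: the class-map from the question next to a version that follows the pattern shown in the reply. The names BLOCK-URL2 and PM-BLOCK-URL2, the `<outside-interface>` placeholder and the `ip nbar port-map` line (classic IOS NBAR, for the forwarded port 8080) are assumptions.

```cisco
! Added example, not from the thread. BLOCK-URL2, PM-BLOCK-URL2 and
! <outside-interface> are placeholders; "*url2*" stands for the path to hide.
!
! As posted in the question (shown commented out): the class matches every
! packet that is NOT an HTTP request for url2. That includes TCP handshakes,
! requests for url1 and all non-HTTP traffic, and the policy drops all of it,
! so no connection to the server can be established.
!   class-map match-any block
!    match not protocol http url *url2*
!
! Corrected: match only the requests that should be blocked, then drop those.
class-map match-any BLOCK-URL2
 match protocol http url "*url2*"
!
policy-map PM-BLOCK-URL2
 class BLOCK-URL2
  drop
!
! Assumption: classic IOS NBAR, which looks for HTTP on port 80 by default.
! Add the forwarded port so that traffic on 8080 is inspected as HTTP too.
ip nbar port-map http tcp 80 8080
!
! Inbound on the internet-facing interface, as in the reply's example.
interface <outside-interface>
 service-policy input PM-BLOCK-URL2
```

`show policy-map interface` on the outside interface, as used in the reply, shows whether the BLOCK-URL2 counters increase only for url2 requests while class-default carries the rest.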
