12-29-2014 11:15 PM - edited 03-05-2019 12:28 AM
I have set up port forwarding to an internal LAN server that has 2 web pages, http://server-ip/url1 and http://server-ip/url2, but on the same port number, for example port 8080,
and I want to allow access to only one URL, i.e. http://server-ip/url, from outside the network.
I have used the class-map match-any block
match not protocol http url *url2*
policy-map block
class-map block
drop
and applied it to the outside interface facing the internet connection,
but it blocks both URLs and HTTP access to the server.
Please let me know where the problem is.
12-30-2014 01:03 AM
Here is an example of how to use nbar to block specific URLs. I use the page www.theonion.com which should be generally allowed, but the section "Politics" should not:
class-map match-all CM-TEST-WEB
 match protocol http url "section/politics/"
 match protocol http host "www.theonion.com"
!
policy-map PM-TEST-WEB
 class CM-TEST-WEB
  drop
!
interface Vlan192
 service-policy input PM-TEST-WEB
inet#sh policy-map inter Vlan192
 Service-policy input: PM-TEST-WEB
  Class-map: CM-TEST-WEB (match-all)
   143 packets, 82944 bytes
   5 minute offered rate 5000 bps, drop rate 5000 bps
   Match: protocol http url "section/politics/"
   Match: protocol http host "www.theonion.com"
   drop
  Class-map: class-default (match-any)
   20830 packets, 3710602 bytes
   5 minute offered rate 91000 bps, drop rate 0 bps
   Match: any
Be aware that the router needs to look inside the HTTP-communication for that. Blocking HTTPS won't work.
And there are other ways to do it better. You could build a DMZ on your router, put a reverse-proxy in there and this one is configured to only forward the right requests to the real server.
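The reverse-proxy option mentioned in the reply above comes down to an allowlist decision on the request path. The following is an added example, not part of the original reply and not tied to any particular proxy product; the prefix `/url1` and the function names are assumptions taken from the thread's placeholder URLs. It canonicalises the path before comparing, so that only requests that resolve under the published prefix are forwarded.

```python
import posixpath
from urllib.parse import unquote

# Assumption: only this path prefix is published to the internet (the thread's "url1").
ALLOWED_PREFIXES = ("/url1",)


def canonical_path(request_target):
    """Return the canonical path of an origin-form request target, or None to reject."""
    if not request_target.startswith("/"):
        return None  # absolute-form or malformed targets are never forwarded
    raw_path = request_target.split("?", 1)[0]  # the query string plays no part in routing
    path = unquote(raw_path)  # decode percent-escapes once
    # Fail closed on anything still encoded after one pass, and on odd separators.
    if "%" in path or "\\" in path or "\x00" in path:
        return None
    # Collapse duplicate slashes and resolve "." / ".." the way the backend would.
    return posixpath.normpath("/" + path.lstrip("/"))


def should_forward(request_target):
    """True only if the canonical path is the allowed prefix or lies beneath it."""
    path = canonical_path(request_target)
    if path is None:
        return False
    return any(path == p or path.startswith(p + "/") for p in ALLOWED_PREFIXES)


# Constructed sample request targets (not captured traffic).
SAMPLE_TARGETS = [
    "/url1",
    "/url1/index.html?lang=en",
    "/url2",
    "/url1/../url2",
    "/url10/page",
]


def decisions(targets=SAMPLE_TARGETS):
    """Map each request target to FORWARD or DENY."""
    return {t: ("FORWARD" if should_forward(t) else "DENY") for t in targets}


if __name__ == "__main__":
    for target, verdict in decisions().items():
        print(f"{verdict:8} {target}")
```

Because the proxy terminates the connection itself, the same check can be applied to HTTPS requests after TLS is terminated on the proxy.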
12-30-2014 02:13 AM
Dear Karsten Iwen,
Thanks for your reply, but I would like to block one URL of my internal server.
For example, I have placed a web server which contains two URLs, e.g. http://myserver/url1 and http://myserver/url2, on the same port number, and if we put the URL on the web both url1 and url2 will be opened, but I want to block access to http://myserver/url2 (internal server) from the internet, while url1 should be accessible on the internet.
12-30-2014 02:23 AM
You have to replace the host/url in the example with your values.