Question on ACL config.

Unanswered Question
Oct 16th, 2008

Hello's

I have an ACL question. I'm trying to set up an acl that will restrict 1 computer to accessing ONLY a website such as UPS.com. On doing an nslookup or Whois for ups.com I find www.ups.com answers to these IP addresses. 153.2.224.50

153.2.228.50

However, browsing to UPS.com does not necessarily connect to these IP addresses. It seems UPS.com is using some load balancing feature where it (ups.com) could resolve to several different IP's hosted it seems by akamai.

What is the best way to establish this lock down? Machine should only get to ups.com, however, UPS.com is not easily resolvable.

thanks

Sky.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
incognito_54 Fri, 10/17/2008 - 08:47

Hello,

I looked at the url and had a couple of follow up questions.

I'm wondering how the ip domain lookup would work in my scenario. If the user requests www.ups.com his computer will resolve the fqdn to whatever response the dns server hands back, which could be different each time the user visits ups.com

Even if i have enabled ip domain lookup and used the FQDN in the access list how would this help my situation? If the router does a lookup for www.ups.com, the router too may get a different IP address for ups.com than the user.

Does the question make sense?

Actions

This Discussion