I have an ASA 5510 (8.0.2), ASDM 6.1 and ASA-SSM-10 6.1. We have a web site located in the DMZ with a public IP address. It is accessible from the Internet via the public IP address. While keeping web site access enabled, I need to block access to http://X.X.X.X/Login.aspx from public IP addresses, i.e., the Internet. We still need to access this link from inside.
1. I tried to create regular expressions with \x.x.x.x AND \X.X.X.\login.aspx
2. I created a regular expression class and allocated these two expressions to the class.
3. Then I created an http class map with Criterion "Request URI" and the Value Regular Expression Class that I have created above (2) for http inspection policy.
4. Then I created an HTTP Inspect map and added inspection for the http class map that I have created (3) with the action "Reset" and log "Enable".
5. Then I added a new service policy to outside interface.
6. Match criteria "source and Destination IP..."
7. Source : Any, Destination : X.X.X.X, service: tcp/http and enabled rule
8. At Protocol inspection, checked "HTTP" and clicked on Configuration
9. "Select a HTTP inspect map for the fine control..." and choose the inspection policy created above (3)
Unfortunately, after this config change, we were still able to access http://X.X.X.X/Login.aspx from both inside and outside.
Thanks in advance for any suggestions...
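
An added illustration, not part of the original post: it shows which field a "Request URI" criterion has to work with when a browser fetches the login page. It assumes the criterion is compared case-sensitively against the URI on the request line only; the address 192.0.2.10, the sample request and the three patterns are constructed stand-ins for the masked values in the post.

```python
import re

# Constructed sample: what a browser sends for http://192.0.2.10/Login.aspx
# (192.0.2.10 is a documentation address standing in for the masked X.X.X.X).
RAW_REQUEST = (
    b"GET /Login.aspx?ReturnUrl=%2f HTTP/1.1\r\n"
    b"Host: 192.0.2.10\r\n"
    b"User-Agent: example\r\n"
    b"\r\n"
)

# Constructed patterns: two in the shape the post describes, one path-only.
PATTERNS = {
    "host_and_path": r"192\.0\.2\.10/login\.aspx",
    "path_lowercase": r"/login\.aspx",
    "path_any_case": r"/[Ll][Oo][Gg][Ii][Nn]\.[Aa][Ss][Pp][Xx]",
}


def split_request(raw: bytes) -> dict:
    """Return the method, request URI and Host header of one HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "uri": uri, "host": headers.get("host", "")}


def uri_matches(raw: bytes) -> dict:
    """Search each pattern in the request URI only (assumed criterion scope)."""
    uri = split_request(raw)["uri"]
    return {name: bool(re.search(rx, uri)) for name, rx in PATTERNS.items()}


if __name__ == "__main__":
    req = split_request(RAW_REQUEST)
    print("request URI:", req["uri"], "| Host header:", req["host"])
    for name, hit in uri_matches(RAW_REQUEST).items():
        print(f"{name:15} {'match' if hit else 'no match'}")
```

The server address travels in the `Host` header, not in the request URI, so only the path-only pattern that tolerates the capital "L" matches this request.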