Allow HTTP POST

Unanswered Question
Jun 17th, 2012

I have a Cisco ASA running 6.3.

I would like to allow the HTTP POST method from a specific IP range to a specific server.

All other IP addresses should only be allowed normal HTTP access to the webserver.

I tried to write up the policy map but am getting a bit confused about whether the below is correct.

Please advise.

access-list POST_ACL extended permit tcp 10.10.10.0 255.255.248.0 172.16.0.1 eq 80

class-map POST_ACL
 match access-list POST_ACL

class-map type inspect http match-all POST_METHOD
 match request method post

policy-map type inspect http POST_POLICY_ACTION
 parameters
 class POST_METHOD
  drop-connection

policy-map POST_TRAFFIC
 class
  inspect http POST_POLICY_ACTION

pratikmehta1 Sun, 06/17/2012 - 21:16

I think if I change the access-list to deny that would rather work?




access-list POST_ACL extended deny tcp 10.10.10.0 255.255.248.0 172.16.0.1 eq 80

class-map POST_ACL
 match access-list POST_ACL

class-map type inspect http match-all POST_METHOD
 match request method post

policy-map type inspect http POST_POLICY_ACTION
 parameters
 class POST_METHOD
  drop-connection

policy-map POST_TRAFFIC
 class
  inspect http POST_POLICY_ACTION
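
One way to express the goal stated in the question, as an added example that is not part of the original thread: in an ACL used by a class-map, a deny ACE exempts traffic from the class and a permit ACE selects it, so the trusted range is exempted first and every other client of the server is then placed in the class whose HTTP inspection drops POST. The names HTTP_NO_POST, HTTP_NO_POST_CLASS, BLOCK_POST and OUTSIDE_POLICY and the interface name outside are assumptions; the addresses are the ones from the post, with the host keyword added for the single server address.

```cisco
! Added example; object names and the interface name "outside" are assumptions.
! This only selects traffic for inspection. The interface ACL must still
! permit TCP/80 to the server for any of it to pass.

! Trusted range: exempt from the class, so POST is not inspected or dropped.
access-list HTTP_NO_POST extended deny tcp 10.10.10.0 255.255.248.0 host 172.16.0.1 eq 80
! Everyone else reaching the web server: subject to the POST-blocking inspection.
access-list HTTP_NO_POST extended permit tcp any host 172.16.0.1 eq 80

! Layer 3/4 class: which connections get inspected.
class-map HTTP_NO_POST_CLASS
 match access-list HTTP_NO_POST

! Layer 7 class: which HTTP requests inside those connections are acted on.
class-map type inspect http match-all POST_METHOD
 match request method post

! Inspection policy: drop (and log) any request matching POST_METHOD.
policy-map type inspect http BLOCK_POST
 parameters
 class POST_METHOD
  drop-connection log

! Layer 3/4 policy: the class must be named, then bound to the inspection.
policy-map OUTSIDE_POLICY
 class HTTP_NO_POST_CLASS
  inspect http BLOCK_POST

! Nothing takes effect until the policy is attached to an interface.
service-policy OUTSIDE_POLICY interface outside
```

After applying it, `show service-policy` lists the inspection's packet and drop counters, which confirms whether a given client is landing in the class.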
