Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Allow HTTP POST

I have a cisco asa running 6.3

  I would like to allow HTTP POST method from specific IP range to a specific server.

all other IP addresses should only be allowed normal HTTP access to webserver.

   I tried to write up the policy map but getting a bit confused if the below if correct.

Please advice.

access-list POST_ACL extended permit tcp 10.10.10.0 255.255.248.0 172.16.0.1 eq 80

class-map POST_ACL

match access-list POST_ACL

class-map type inspect http match-all POST_METHOD

match request method post

policy-map type inspect http POST_POLICY_ACTION

parameters

class POST_METHOD

  drop-connection

policy-map POST_TRAFFIC

class

  inspect http POST_POLICY_ACTION

Everyone's tags (3)
1 REPLY
Community Member

Allow HTTP POST

I think if I change the access-list to deny that would rather work?

access-list POST_ACL extended deny tcp 10.10.10.0 255.255.248.0 172.16.0.1 eq 80

class-map POST_ACL

match access-list POST_ACL

class-map type inspect http match-all POST_METHOD

match request method post

policy-map type inspect http POST_POLICY_ACTION

parameters

class POST_METHOD

  drop-connection

policy-map POST_TRAFFIC

class

  inspect http POST_POLICY_ACTION

504
Views
0
Helpful
1
Replies
CreatePlease to create content