Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Block XFF IP's on Cisco ASA Firewall

Hey Guys, 

I need to know whether we can block XFF IP's on CIsco ASA 5545x firewall . There are lot of spammers chocking my website who are using proxy servers...

Below are the licenses we have currently

Maximum Physical Interfaces       : Unlimited      perpetual
Maximum VLANs                     : 300            perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Active  perpetual
VPN-DES                           : Enabled        perpetual
VPN-3DES-AES                      : Enabled        perpetual
Security Contexts                 : 2              perpetual
GTP/GPRS                          : Disabled       perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : 2500           perpetual
Other VPN Peers                   : 2500           perpetual
Total VPN Peers                   : 2500           perpetual
Shared License                    : Enabled        perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
IPS Module                        : Disabled       perpetual

 

Thanks in advance..

 

Pratik Doshit

 

1 REPLY
VIP Purple

I'm not aware of any elegant

I'm not aware of any elegant way to do that. You could use the L7-inspection to filter the HTTP-header with a matching Regex. But that has a big performance-impact.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
93
Views
0
Helpful
1
Replies