Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

firewall asa 5500 url filter

I have a asa 55000 and have a server in dmz public with service running in http://xxxx.xxxx.xxxx:8080/mmcp/c  but have problema becouse the user access to http://xxxx.xxxx.xxxx:80808 it is a appache server i am needed block this, only use full address

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Green

You could try using an ACL

You could try using an ACL that matches on the FQDN of the web server. Something like the following:

name-server <dns server IP-1> <dns server IP-2>

object network WEB-SERVER
  fqdn xxxx.xxxx.xxxx

access-list LAN-to-WEB deny tcp any object WEB-SERVER eq 80808

access-list LAN-to-WEB permit ip any any

access-group LAN-to-WEB in interface inside

If this is not what you are looking for then you can use regex to match on the URL string.  But we can get into that later if we need to.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
3 REPLIES
Cisco Employee

Hi d401martinez,

Hi d401martinez, This forum is for questions regarding the Cisco Application Centric Infrastructure (ACI) solution. I think you'll have a better chance of getting a useful response by posting your question in the Firewalling forum: https://supportforums.cisco.com/community/5966/firewalling Regards, Zach
New Member

thank youbrMarcelo 

thank you

br

Marcelo

 

VIP Green

You could try using an ACL

You could try using an ACL that matches on the FQDN of the web server. Something like the following:

name-server <dns server IP-1> <dns server IP-2>

object network WEB-SERVER
  fqdn xxxx.xxxx.xxxx

access-list LAN-to-WEB deny tcp any object WEB-SERVER eq 80808

access-list LAN-to-WEB permit ip any any

access-group LAN-to-WEB in interface inside

If this is not what you are looking for then you can use regex to match on the URL string.  But we can get into that later if we need to.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
146
Views
0
Helpful
3
Replies
CreatePlease to create content