Examples for Webtype ACLs - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance
Cisco ASA Series Firewall CLI Configuration Guide, page 3-16
Chapter 3: Access Control Lists
Configure ACLs

For an explanation of keywords not explained here, see Add a Webtype ACE for URL Matching, page 3-14. Keywords and arguments specific to this type of ACE include the following:

- tcp—The TCP protocol. Webtype ACLs match TCP traffic only.
- Destination Address—The dest_address_argument specifies the IP address to which the packet is being sent:
    - host ip_address—Specifies an IPv4 host address.
    - dest_ip_address mask—Specifies an IPv4 network address and subnet mask, such as 10.100.10.0 255.255.255.0.
    - ipv6-address/prefix-length—Specifies an IPv6 host or network address and prefix.
    - any, any4, and any6—any specifies both IPv4 and IPv6 traffic; any4 specifies IPv4 traffic only; and any6 specifies IPv6 traffic only.
- operator port—The destination port. If you do not specify ports, all ports are matched. The operator can be one of the following:
    - lt—less than
    - gt—greater than
    - eq—equal to
    - neq—not equal to
    - range—an inclusive range of values. When you use this operator, specify two port numbers, for example: range 100 200
  The port can be the integer or name of a TCP port.

Examples for Webtype ACLs

The following example shows how to deny access to a specific company URL:
hostname(config)# access-list acl_company webtype deny url http://*.example.com
The following example shows how to deny access to a specific web page:
hostname(config)# access-list acl_file webtype deny url https://www.example.com/dir/file.html
The following example shows how to deny HTTP access to any URL on a specific server through port 8080:
hostname(config)# access-list acl_company webtype deny url http://my-server:8080/*
The following examples show how to use wildcards in webtype ACLs.
The following example matches URLs such as http://www.example.com/layouts/1033:
access-list VPN-Group webtype permit url http://www.example.com/*
The following example matches URLs such as http://www.example.com/ and http://www.example.net/:
access-list test webtype permit url http://www.example.*
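The wildcard examples above can be checked offline before they are applied. The following is an added example, not Cisco code: it parses the ACE lines from this page and tests URLs against them, assuming that `*` matches any run of characters and that ACEs are checked in configured order. The function names and the matching model are assumptions and do not reproduce the ASA's own matcher.

```python
import re

# ACEs copied from the examples on this page (CLI prompt removed).
PAGE_ACES = """\
access-list acl_company webtype deny url http://*.example.com
access-list acl_file webtype deny url https://www.example.com/dir/file.html
access-list acl_company webtype deny url http://my-server:8080/*
access-list VPN-Group webtype permit url http://www.example.com/*
access-list test webtype permit url http://www.example.*
"""

# Optional "hostname(config)#" prompt, then the URL form of a webtype ACE.
ACE_RE = re.compile(
    r"^(?:\S+\(config\)#\s*)?access-list\s+(\S+)\s+webtype\s+(permit|deny)\s+url\s+(\S+)$"
)

def parse_aces(text):
    """Group URL ACEs by ACL name, keeping configuration order."""
    acls = {}
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            name, action, pattern = m.groups()
            acls.setdefault(name, []).append((action, pattern))
    return acls

def pattern_to_regex(pattern):
    """Assumed semantics: '*' matches any run of characters, all else is literal."""
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")))

def evaluate(aces, url):
    """Return (action, pattern) of the first matching ACE, or None if none match."""
    for action, pattern in aces:
        if pattern_to_regex(pattern).fullmatch(url):
            return action, pattern
    return None

def audit(acls, urls):
    """Map each (acl_name, url) pair to the model's decision."""
    return {(name, url): evaluate(aces, url)
            for name, aces in acls.items() for url in urls}

if __name__ == "__main__":
    # First three URLs are from the page's text; the last two are constructed.
    samples = ["http://www.example.com/layouts/1033", "http://www.example.com/",
               "http://www.example.net/", "http://my-server:8080/admin",
               "http://www.example.org.internal.test/"]
    for (name, url), hit in sorted(audit(parse_aces(PAGE_ACES), samples).items()):
        print(f"{name:12} {url:40} {hit[0] if hit else 'no match'}")
```

Run candidate patterns against URLs that must stay blocked as well as ones that must pass; under this model the trailing `*` in `http://www.example.*` is not confined to the top-level domain.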