Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 18 Adding a Webtype Access List

Configuration Examples for Webtype Access Lists

The following example shows how to deny access to a specific file:

hostname(config)# access-list acl_file webtype deny url https://www.example.com/dir/file.html

The following example shows how to deny HTTP access to any URL through port 8080:

hostname(config)# access-list acl_company webtype deny url http://my-server:8080/*

The following examples show how to use wildcards in Webtype access lists.

The following example matches URLs such as http://www.example.com/ and
http://www.example.net/:

access-list test webtype permit url http://www.**ample/

The following example matches URLs such as http://www.cisco.com and ftp://wwz.example.com:

access-list test webtype permit url *://ww?.c*co*/

The following example matches URLs such as http://www.cisco.com:80 and
https://www.cisco.com:81:

access-list test webtype permit url *://ww?.c*co*:8[01]/

The range operator “[]” in the preceding example specifies that either character 0 or 1 can occur.

The following example matches URLs such as http://www.example.com and
http://www.example.net:

access-list test webtype permit url http://www.[a-z]ample?*/

The range operator “[]” in the preceding example specifies that any character in the range from a to
z can occur.

The following example matches URLs such as http://www.cisco.com/anything/crazy/url/ddtscgiz:

access-list test webtype permit url htt*://*/*cgi?*

Note

To match any http URL, you must enter http://*/* instead of the former method of entering http://*.

The following example shows how to use a webtype access list to block access to specific CIFS shares.

In this scenario we have a root folder named “shares” that contains two sub-folders named
“Marketing_Reports” and “Sales_Reports.” We want to specifically deny access to the
“shares/Marketing_Reports” folder.

access-list CIFS_Avoid webtype deny url cifs://172.16.10.40/shares/Marketing_Reports

However, because of the implicit “deny all” at the end of every access list, this entry on its own makes all of the sub-folders inaccessible (“shares/Sales_Reports” as well as “shares/Marketing_Reports”), including the root folder (“shares”).

To fix the problem, add a new access list to allow access to the root folder and the remaining sub-folders:

access-list CIFS_Allow webtype permit url cifs://172.16.10.40/shares*
