Adding webtype access lists with a url string – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 18 Adding a Webtype Access List

Using Webtype Access Lists

Adding Webtype Access Lists with a URL String

To add an access list to the configuration that supports filtering for clientless SSL VPN, enter the following command:

Command:

    access-list access_list_name webtype {deny | permit} url [url_string | any] [log [[disable | default] | level] [interval secs]] [time_range name]

Example:

    hostname(config)# access-list acl_company webtype deny url http://*.cisco.example

Purpose:

Adds an access list to the configuration that supports filtering for WebVPN.

The access_list_name argument specifies the name or number of an access list.

The any keyword specifies all URLs.

The deny keyword denies access if the conditions are matched.

The interval option specifies the time interval at which to generate system log message 106100; valid values are from 1 to 600 seconds.

The log [[disable | default] | level] option specifies that system log message 106100 is generated for the ACE. When the log optional keyword is specified, the default level for system log message 106100 is 6 (informational). See the log command for more information.

The permit keyword permits access if the conditions are matched.

The time_range name option specifies a keyword for attaching the time-range option to this access list element.

The url keyword specifies that a URL be used for filtering.

The url_string option specifies the URL to be filtered.

You can use the following wildcard characters in the url_string so that a single Webtype access list entry matches more than one URL:

Enter an asterisk “*” to match no characters or any number of characters.

Enter a question mark “?” to match any one character exactly.

Enter square brackets “[]” to create a range operator that matches any one character in a range.

Note: To match any http URL, you must enter http://*/* instead of the former method of entering http://*.

To remove an access list, use the no form of this command with the complete syntax string as it appears in the configuration.
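As an added illustration (not from the Cisco guide and not the ASA's own matching code), the following Python models the three documented wildcards and evaluates an ordered webtype access list against candidate URLs, so a filtering policy can be sanity-checked before it is applied to a VPN group. The ACE list and URLs are constructed for this example; first-match-wins ordering and an implicit deny when nothing matches are assumptions of the model, and the ASA engine itself may differ (see the http://*/* note above).

```python
import re


def webtype_pattern_to_regex(url_string):
    """Translate a webtype url_string into a compiled regular expression.

    Wildcards follow the guide: '*' matches no characters or any number of
    characters, '?' matches any one character, '[...]' matches any one
    character in the range. Every other character is matched literally.
    """
    parts = []
    i = 0
    while i < len(url_string):
        ch = url_string[i]
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        elif ch == "[":
            close = url_string.find("]", i + 1)
            if close == -1:              # unterminated '[': match it literally
                parts.append(re.escape(ch))
            else:
                parts.append("[" + url_string[i + 1:close] + "]")
                i = close
        else:
            parts.append(re.escape(ch))
        i += 1
    return re.compile("".join(parts))


def evaluate_webtype_acl(acl, url):
    """Return 'permit' or 'deny' for url under an ordered list of
    (action, url_string) ACEs. Assumption of this example: the first
    matching ACE wins and a URL matching no ACE is denied."""
    for action, url_string in acl:
        if url_string == "any" or webtype_pattern_to_regex(url_string).fullmatch(url):
            return action
    return "deny"


# Constructed sample policy; the first ACE is the guide's own example.
ACL_COMPANY = [
    ("deny", "http://*.cisco.example"),
    ("permit", "https://intranet.example.com/*"),
    ("permit", "http://app[0-9].example.com/*"),
]

for candidate in ("http://www.cisco.example", "https://intranet.example.com/home",
                  "http://app3.example.com/login", "http://appx.example.com/"):
    print(evaluate_webtype_acl(ACL_COMPANY, candidate), candidate)
```

Because the model matches the whole URL, an entry without a trailing /* only covers URLs that end exactly where the pattern ends, which is the kind of gap a policy review should catch.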
