[afnog] Web access blocking
Mark Tinka
mtinka at africaonline.co.sz
Wed May 11 12:34:30 EAT 2005
On Monday 09 May 2005 15:41, Moussa BAGAYOKO wrote:
> Someone can help me please to how to block a web
> access from specific bloc IP address behind inside
> interface on Cisco pix-525. The inside interface is
> connected to cisco routeur 3745.
Still trying to firm up my PIX skills, but at the very
least, on the router, you could use an extended ACL to
do this; something like:
ip access-list extended block-www
deny tcp 1.2.3.4 0.0.0.255 host 5.6.7.8 eq www
deny tcp 1.2.3.4 0.0.0.255 host 5.6.7.8 eq 443
permit ip any any
!
int fa0/0
ip access-group block-www in
In the example above, network 1.2.3.4/24 is blocked from
accessing HTTP and HTTPS resources on web server
5.6.7.8. For good measure, you could even write another
ACL that does the same, only in the opposite direction
(but that's not really necessary).
Hope this helps.
Mark.
>
>
>
>
>
> Thanks a lot.
>
>
>
>
>
> Moussa K BAGAYOKO
>
> Cadre Informaticien
>
> Banque de Développement du Mali
>
> Av Modibo KEITA Bamako MALI
>
> Tel: +223 222 31 84
>
> +233 630 40 53
More information about the afnog
mailing list