Cisco ASA Series CLI Configuration Manual page 587

Software version 9.0 for the services module

Chapter 1
Adding a Webtype Access Control List
Adding Webtype Access Lists with a URL String
To add an access list to the configuration that supports filtering for clientless SSL VPN, enter the following command:
Command
access-list access_list_name webtype {deny | permit} url [url_string | any] [log[[disable | default] | level] interval secs][time_range name]]

Example:
hostname(config)# access-list acl_company webtype deny url http://*.cisco.example

Purpose
Adds an access list to the configuration that supports filtering for WebVPN.

The access_list_name argument specifies the name or number of an access list.
The any keyword specifies all URLs.
The deny keyword denies access if the conditions are matched.
The interval option specifies the time interval at which to generate system log message 106100; valid values are from 1 to 600 seconds.
The log [[disable | default] | level] option specifies that system log message 106100 is generated for the ACE. When the log optional keyword is specified, the default level for system log message 106100 is 6 (informational). See the log command for more information.
The permit keyword permits access if the conditions are matched.
The time_range name option specifies a keyword for attaching the time-range option to this access list element.
The url keyword specifies that a URL be used for filtering.
The url_string option specifies the URL to be filtered.

You can use the following wildcard characters to define more than one wildcard in the Webtype access list entry:
Enter an asterisk "*" to match no characters or any number of characters.
Enter a question mark "?" to match any one character exactly.
Enter square brackets "[]" to create a range operator that matches any one character in a range.
To match any http URL, you must enter http://*/* instead of the former method of entering http://*.

Note
To remove an access list, use the no form of this command with the complete syntax string as it appears in the configuration.

Create an access list by adding an ACE and applying an access list name. See the "Using Webtype Access Lists" section on page 1-2.
Apply the access list to an interface. See the "Configuring Access Rules" section on page 1-7 for more information.

Cisco ASA Series CLI Configuration Guide
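The syntax and wildcard rules above can be checked offline before an ACE is entered on a device. The following Python linter and wildcard matcher is an added example, not code from the Cisco guide, and it does not reproduce the ASA's own matching engine. The function names and the whole-URL, case-sensitive matching are assumptions.

```python
import re

# Added example, not Cisco code. Models only what the page states: wildcards
# "*", "?" and "[...]", interval 1-600 seconds, "http://*/*" over "http://*".
ACE_RE = re.compile(
    r"^(?:\S+#\s*)?access-list\s+(?P<name>\S+)\s+webtype\s+"
    r"(?P<action>deny|permit)\s+url\s+(?P<url>\S+)(?P<rest>.*)$"
)

def parse_ace(line):
    """Parse one webtype URL ACE (CLI prompt optional) into a dict."""
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError("not a webtype url ACE: %r" % line)
    ace = m.groupdict()
    iv = re.search(r"\binterval\s+(\d+)", ace.pop("rest"))
    ace["interval"] = int(iv.group(1)) if iv else None
    return ace

def lint(ace):
    """Return findings for the two constraints the page spells out."""
    findings = []
    if ace["interval"] is not None and not 1 <= ace["interval"] <= 600:
        findings.append("interval must be 1-600 seconds")
    if ace["url"] == "http://*":
        findings.append("use http://*/* to match any http URL")
    return findings

def to_regex(url_string):
    """Translate the page's three wildcards into a Python regex."""
    out, i = [], 0
    while i < len(url_string):
        ch = url_string[i]
        close = url_string.find("]", i + 1) if ch == "[" else -1
        if ch == "*":
            out.append(".*")   # zero or more characters
        elif ch == "?":
            out.append(".")    # exactly one character
        elif close > i + 1:    # non-empty [...] range operator
            out.append("[" + re.escape(url_string[i + 1:close]).replace("\\-", "-") + "]")
            i = close
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.S)

def matches(url_string, url):
    # Assumption: the whole URL must match, case-sensitively; "any" is all URLs.
    return url_string == "any" or to_regex(url_string).fullmatch(url) is not None
```

Under this model the page's example pattern http://*.cisco.example matches http://www.cisco.example but not the bare http://cisco.example, which is the kind of gap worth confirming on the device itself.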
