34-9
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 34 Configuring Filtering Services
Filtering URLs and FTP Requests with an External Server
>—Greater than. For example, >tcp/2000.
- —Range. For example, tcp/2000-3000.
–
Enter a well-known service name, such as HTTP or FTP.
–
Click the ellipses to display the Browse Service dialog box. Choose a service from the
drop-down list.
• Choose the action to take when the URL exceeds the specified size from the drop-down list.
• Check the Allow outbound traffic if URL server is not available check box to connect without
URL filtering being performed. When this check box is unchecked, you cannot connect to Internet
websites if the URL server is unavailable.
• Check the Block users from connecting to an HTTP proxy server check box to prevent HTTP
requests made through a proxy server.
• Check the Truncate CGI parameters from URL sent to URL server check box to have the
adaptive security appliance forward only the CGI script location and the script name, without any
parameters, to the filtering server.
• Click OK to close this dialog box.
• Click Apply to save your changes.
Step 6 If you chose Add Filter HTTPS Rule, specify the following settings:
• Click one of the following radio buttons: Filter HTTPS or Do not filter HTTPS.
• Enter the source of the traffic to which the filtering action applies. To enter the source, choose from
the following options:
–
Enter any to indicate any source address.
–
Enter a hostname.
–
Enter an IP address and optional network mask. You can express the netmask in CIDR or dotted
decimal notation. For example, you can enter 10.1.1.0/24 or 10.1.1.0/255.255.255.0.
–
Click the ellipses to display the Browse Source dialog box. Choose a host or address from the
drop-down list.
• Enter the destination of the traffic to which the filtering action applies. To enter the source, choose
from the following options:
–
Enter any to indicate any destination address.
–
Enter a hostname.
–
Enter an IP address and optional network mask. You can express the netmask in CIDR or dotted
decimal notation. For example, you can enter 10.1.1.0/24 or 10.1.1.0/255.255.255.0.
–
Click the ellipses to display the Browse Destination dialog box. Choose a host or address from
the drop-down list.
• Identify the service of the traffic to which the filtering action applies. To identify the service, enter
one of the following:
–
tcp/port—The port number can range from 1 to 65535. Additionally, you can use the following
modifiers with the TCP service:
!=—Not equal to. For example, !=tcp/443
<—Less than. For example, <tcp/2000.
>—Greater than. For example, >tcp/2000.
- —Range. For example, tcp/2000-3000.
To Next Page
Loading...
Need help?
General
