Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 332
  • Last Modified:

ACL QUERY REGARDING - HTTP BROWSER/WEB SERVER

Hi if I want to block 'Web access' via a 'browser' for 'All users' 'Except' for a specific user, I would do the following for example

Just for this scenario Ive missed out 'ip address etc for eg!!!

Router

Int fa0/0
ip access-group 101 in
no shut

access-list 101 permit tcp host 192.168.1.10 0.0.0.255 10.0.0.0 0.0.0.255 eq www
access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www

obviously normally ' ip http server' is already by default on the router and if I wanted everyone connected 'NOT' to use the 'Web browser - http://x.x.x.x - I would add :  no ip http server

What I wish to know about is if I wish to block my 'Website' which happens to run on my actual company 'Server', which I think is then known as the 'Intranet', how would I block this or am I getting confused with the above example?
0
mikey250
Asked:
mikey250
  • 4
  • 3
2 Solutions
 
snickeredCommented:
'ip http server' runs an http server on the router itself.  It has nothing to do with your users being able to browse the internet.  If you wanted to allow a single host (192.168.1.10) and deny all others from browsing the network 10.0.0.0/24 then your ACLs would be like this:

access-list 101 permit tcp host 192.168.1.10 10.0.0.0 0.0.0.255 eq www
access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www

That is assuming 192.168.1.0/24 is on the fa0/0 interface. e.g. 192.168.1.0/24 -> ( fa0/0 ROUTER fa0/1 ) -> 10.0.0.0/24
0
 
mikey250Author Commented:
Hi snickered,  Yes that 'ACL' is identical to my main thread!!!

So if Ive got a website up and running on my actual server, although Ive configured a specific host to be 'permitted access' via www, how would I block access to the website specifically or Im assuming that I would not do it that way as I either block port 80/www, which has already been done or I just block access to the specific Server running the website?
0
 
mikey250Author Commented:
Obviously I cannot actually access a website via means of 'ACL's, as I would then have to use some 'VNC' software for example to allow this type of access onto the actual server itself!!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
snickeredCommented:
You wrote:

access-list 101 permit tcp host 192.168.1.10 0.0.0.255 10.0.0.0 0.0.0.255 eq www

I wrote:

access-list 101 permit tcp host 192.168.1.10 10.0.0.0 0.0.0.255 eq www

See the difference now?  

Let's say you have a network of 192.168.1.0/24 on the fa0/0 interface and another network of 10.0.0.0/24 on the fa0/1 interface.  If there was a web server located on the 10.0.0.0/24 network and wanted only the host of 192.168.1.10 to access tcp port 80 on the 10.0.0.0/24 network then you would do:

access-list 101 permit tcp host 192.168.1.10 10.0.0.0 0.0.0.255 eq www
access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www

int fa0/0
ip access-group 101 in
no shut

Open in new window


And as you already know you would have to set an IP address on your fa0/0 interface.

0
 
mikey250Author Commented:
Hi Snickered,  Ive tested both and both work!! Yes Ip addresses would be added!!

access-list 101 permit tcp host 192.168.1.10 10.0.0.0 0.0.0.255 eq www
access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www

int fa0/0
ip access-group 101 in
no shut

or

access-list 101 permit tcp host 192.168.1.10 0.0.0.255 10.0.0.0 0.0.0.255 eq www
access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www

Int fa0/0
ip access-group 101 in
no shut
0
 
snickeredCommented:
It works?  That's great!  Assign points if your question is answered.
0
 
mikey250Author Commented:
Sound advice!!!!!!!
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now