mikey250
asked on
ACL QUERY REGARDING - HTTP BROWSER/WEB SERVER
Hi, if I want to block 'Web access' via a 'browser' for 'All users' 'Except' for a specific user, I would do the following, for example:
Just for this scenario I've missed out 'ip address' etc., for example!!!
Router
Int fa0/0
ip access-group 101 in
no shut
access-list 101 permit tcp host 192.168.1.10 0.0.0.255 10.0.0.0 0.0.0.255 eq www
access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www
Obviously, normally 'ip http server' is already on by default on the router, and if I wanted everyone connected 'NOT' to use the 'Web browser' - http://x.x.x.x - I would add: no ip http server
What I wish to know about is if I wish to block my 'Website' which happens to run on my actual company 'Server', which I think is then known as the 'Intranet', how would I block this or am I getting confused with the above example?
ASKER
Obviously I cannot actually access a website via means of 'ACL's, as I would then have to use some 'VNC' software for example to allow this type of access onto the actual server itself!!
ASKER
Hi Snickered, I've tested both and both work!! Yes, IP addresses would be added!!
access-list 101 permit tcp host 192.168.1.10 10.0.0.0 0.0.0.255 eq www
access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www
int fa0/0
ip access-group 101 in
no shut
or
access-list 101 permit tcp host 192.168.1.10 0.0.0.255 10.0.0.0 0.0.0.255 eq www
access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www
Int fa0/0
ip access-group 101 in
no shut
It works? That's great! Assign points if your question is answered.
ASKER
Sound advice!!!!!!!
ASKER
So if I've got a website up and running on my actual server, although I've configured a specific host to be 'permitted access' via www, how would I block access to the website specifically? Or I'm assuming that I would not do it that way, as I either block port 80/www, which has already been done, or I just block access to the specific server running the website?
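An added illustration, not part of the thread and not any poster's code: this Python sketch models how an extended ACL such as list 101 is evaluated (top-down, first match wins, implicit deny at the end). The second list, including the web server address 10.0.0.5 and the closing permit, is a constructed assumption showing the "block only the server running the website" option raised in the last post; the parser covers only the syntax used here.

```python
import ipaddress

# ACL 101 in the first form posted in the thread.
PAGE_ACL = [
    "access-list 101 permit tcp host 192.168.1.10 10.0.0.0 0.0.0.255 eq www",
    "access-list 101 deny tcp 192.168.1.0 0.0.0.255 10.0.0.0 0.0.0.255 eq www",
]
# Constructed variant: 10.0.0.5 is a hypothetical intranet web server.
SERVER_ACL = [
    "access-list 102 permit tcp host 192.168.1.10 host 10.0.0.5 eq www",
    "access-list 102 deny tcp any host 10.0.0.5 eq www",
    "access-list 102 permit ip any any",
]

def wild_match(addr, base, wildcard):
    """Wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tok[1:]
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    return (tok[0], tok[1]), tok[2:]

def parse_ace(line):
    """Parse 'access-list N ACTION PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    src, rest = take_addr(tok[4:])
    dst, rest = take_addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = 80 if rest[1] == "www" else int(rest[1])
    return tok[2], tok[3], src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl:
        action, p, s, d, port = parse_ace(line)
        if p not in ("ip", proto) or (port is not None and port != dport):
            continue
        if wild_match(src, *s) and wild_match(dst, *d):
            return action
    return "deny (implicit)"
```

With list 101 alone, any traffic that matches neither entry (HTTPS, ICMP, anything that is not TCP port 80) reaches the implicit deny, which is why the constructed variant ends with an explicit permit.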