Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 18 Adding a Webtype Access List
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
The following guidelines and limitations apply to Webtype access lists:
- The access-list webtype command is used to configure clientless SSL VPN filtering. The URL specified may be full or partial (no file specified), may include wildcards for the server, or may specify a port. See the “Adding Webtype Access Lists with a URL String” section on page 18-3 for information about using wildcard characters in the URL string.
- Valid protocol identifiers are http, https, cifs, imap4, pop3, and smtp. The URL may also contain the keyword any to refer to any URL. An asterisk may be used to refer to a subcomponent of a DNS name.
Default Settings
Table 18-1 lists the default settings for Webtype access list parameters.
Using Webtype Access Lists
This section includes the following topics:
- Task Flow for Configuring Webtype Access Lists, page 18-2
- Adding Webtype Access Lists with a URL String, page 18-3
- Adding Webtype Access Lists with an IP Address, page 18-4
- Adding Remarks to Access Lists, page 18-5

Task Flow for Configuring Webtype Access Lists

Use the following guidelines to create and implement an access list:
- Create an access list by adding an ACE and applying an access list name. See the “Using Webtype Access Lists” section on page 18-2.
- Apply the access list to an interface. See the “Configuring Access Rules” section on page 34-7 for more information.
Table 18-1 Default Webtype Access List Parameters

Parameters    Default
deny          The ASA denies all packets on the originating interface unless you specifically permit access.
log           Access list logging generates system log message 106023 for denied packets. Deny packets must be present to log denied packets.
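
As an added illustration (not from the Cisco guide), the sketch below audits webtype ACEs in a saved configuration against the rules on this page: the valid protocol identifiers, the default deny, and the need for deny entries before denied packets are logged. The ACE line shape in the regex, the ACL names, and the example.com hosts are assumptions, and the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Protocol identifiers this page lists as valid for webtype URL strings.
VALID_PROTOCOLS = {"http", "https", "cifs", "imap4", "pop3", "smtp"}

# Assumed ACE shape: access-list <name> webtype {permit|deny} {url <string> | tcp ...}
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+webtype\s+(permit|deny)\s+(url|tcp)\s+(\S+)", re.I)

# Constructed sample configuration (names and hosts are hypothetical).
SAMPLE_CONFIG = """\
access-list portal_acl remark constructed sample for the audit
access-list portal_acl webtype permit url https://*.example.com
access-list portal_acl webtype deny url any log
access-list mail_acl webtype permit url smtps://mail.example.com:465
access-list locked_acl webtype deny url cifs://files.example.com/share
"""

def audit_webtype_acls(config_text):
    """Return {acl_name: [findings]} for every webtype ACL in config_text."""
    actions = defaultdict(set)     # acl name -> actions seen (permit/deny)
    findings = defaultdict(list)   # acl name -> human-readable findings
    for line in config_text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # remarks, other ACL types, unrelated config lines
        name, action, kind, target = m.groups()
        actions[name].add(action.lower())
        if kind.lower() != "url" or target.lower() == "any":
            continue  # tcp ACEs and the keyword any carry no protocol identifier
        scheme, sep, _rest = target.partition("://")
        if sep and any(c in scheme for c in "*?["):
            continue  # wildcarded scheme: outside the scope of this check
        if not sep or scheme.lower() not in VALID_PROTOCOLS:
            findings[name].append(f"invalid protocol identifier in {target!r}")
    for name, seen in actions.items():
        if "permit" not in seen:
            findings[name].append("no permit ACE: default deny blocks all access")
        if "deny" not in seen:
            findings[name].append(
                "no deny ACE: deny entries must be present to log denied packets (106023)")
    return {name: findings[name] for name in actions}

if __name__ == "__main__":
    for acl, issues in audit_webtype_acls(SAMPLE_CONFIG).items():
        print(acl, "->", issues or "ok")
```
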