Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 18 Adding a Webtype Access List
Using Webtype Access Lists
Adding Webtype Access Lists with a URL String
To add an access list to the configuration that supports filtering for clientless SSL VPN, enter the following command:
Command:

    access-list access_list_name webtype {deny | permit} url [url_string | any] [log[[disable | default] | level] interval secs][time_range name]]

Example:

    hostname(config)# access-list acl_company webtype deny url http://*.cisco.example

Purpose:

Adds an access list to the configuration that supports filtering for WebVPN.

The access_list_name argument specifies the name or number of an access list.

The any keyword specifies all URLs.

The deny keyword denies access if the conditions are matched.

The interval option specifies the time interval at which to generate system log message 106100; valid values are from 1 to 600 seconds.

The log [[disable | default] | level] option specifies that system log message 106100 is generated for the ACE. When the log optional keyword is specified, the default level for system log message 106100 is 6 (informational). See the log command for more information.

The permit keyword permits access if the conditions are matched.

The time_range name option specifies a keyword for attaching the time-range option to this access list element.

The url keyword specifies that a URL be used for filtering.

The url_string option specifies the URL to be filtered.

You can use the following wildcard characters to define more than one wildcard in the Webtype access list entry:

- Enter an asterisk "*" to match no characters or any number of characters.
- Enter a question mark "?" to match any one character exactly.
- Enter square brackets "[]" to create a range operator that matches any one character in a range.

Note: To match any http URL, you must enter http://*/* instead of the former method of entering http://*.

To remove an access list, use the no form of this command with the complete syntax string as it appears in the configuration.
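
An offline pre-check for webtype entries, added here as an example and not Cisco code: it parses the command form shown above, reports entries that still use the former http://* form named in the Note, and models the three wildcards to show which entry a sample URL would hit. The helper names and the sample configuration are constructed; top-down first-match evaluation, whole-string case-sensitive comparison, and "*" spanning "/" are assumptions of this model, so results on the device may differ.

```python
import re

# Matches the command form shown above; trailing log/time_range options are ignored.
ACE_RE = re.compile(r"access-list\s+(\S+)\s+webtype\s+(deny|permit)\s+url\s+(\S+)")

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
access-list acl_company webtype deny url http://*.cisco.example
access-list acl_company webtype permit url http://intranet-0[1-3].corp.example/wiki/*
access-list acl_company webtype permit url http://*
access-list acl_company webtype deny url any
"""

def parse_aces(config_text):
    """Return [(acl_name, action, url_string)] in configuration order."""
    matches = (ACE_RE.match(line.strip()) for line in config_text.splitlines())
    return [m.groups() for m in matches if m]

def wildcard_to_regex(url_string):
    """Translate '*', '?' and '[...]' as described above; all else is literal."""
    parts, i = [], 0
    while i < len(url_string):
        ch = url_string[i]
        end = url_string.find("]", i + 2) if ch == "[" else -1
        if ch == "*":
            parts.append(".*")          # no characters or any number of characters
        elif ch == "?":
            parts.append(".")           # exactly one character
        elif end != -1:                 # range operator, e.g. [1-3]
            body = re.escape(url_string[i + 1:end]).replace("\\-", "-")
            parts.append("[" + body + "]")
            i = end
        else:
            parts.append(re.escape(ch))
        i += 1
    return re.compile("".join(parts))

def first_match(aces, url):
    """Assumed top-down, whole-string evaluation: (action, url_string) or None."""
    for _name, action, pattern in aces:
        if pattern == "any" or wildcard_to_regex(pattern).fullmatch(url):
            return action, pattern
    return None

def legacy_http_any(aces):
    """Entries still using the former 'http://*' form named in the Note."""
    return [ace for ace in aces if ace[2] == "http://*"]

if __name__ == "__main__":
    aces = parse_aces(SAMPLE_CONFIG)
    print("replace with http://*/*:", legacy_http_any(aces))
    print(first_match(aces, "http://intranet-02.corp.example/wiki/Home"))
```

Entries reported by legacy_http_any should be rewritten to http://*/* before the model's verdicts for them are relied on.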