18-5
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter18 Adding a Webtype Access List
What to Do Next
Adding Remarks to Access Lists
You can include remarks about entries in any access list, including extended, EtherType, IPv6, standard,
and Webtype access lists. The remarks make the access list easier to understand.
To add a remark after the last access-list command you entered, enter the following command:
Example
You can add a remark before each ACE, and the remarks appear in the access list in these locations.
Entering a dash (-) at the beginning of a remark helps set it apart from an ACE.
hostname(config)# access-list OUT remark - this is the inside admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any
hostname(config)# access-list OUT remark - this is the hr admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any
What to Do Next
Apply the access list to an interface. See the “Configuring Access Rules” section on page34-7 for more
information.
Monitoring Webtype Access Lists
To monitor webtype access lists, enter the following command:
Configuration Examples for Webtype Access Lists
The following example shows how to deny access to a specific company URL:
hostname(config)# access-list acl_company webtype deny url http://*.example.com
Command Purpose
access-list access_list_name remark text
Example:
hostname(config)# access-list OUT remark -
this is the inside admin address
Adds a remark after the last access-list command you entered.
The text can be up to 100 characters in length. You can enter leading spaces
at the beginning of the text. Trailing spaces are ignored.
If you enter the remark before any access-list command, then the remark
is the first line in the access list.
If you delete an access list using the no access-list access_list_name
command, then all the remarks are also removed.
Command Purpose
show running-config access list Displays the access-list configuration running on
the ASA.