ACL question

Hi experts. We have a 2811 CME system running with two routed subnets. One is for management (192.168.1..../24), the other (192.168.2.../24) for the offices. I have put an ACL on the office subnet, and everything's fine here. But how do I block HTTP requests to the router, so that loading the 2811's HTTP server is not possible? Of course WWW is still needed. Because we need the HTTP server on the management subnet, disabling it on the 2811 is not an option. Thanks for any clues!

Chris

Reply to
cristopher

Block http with a destination of the router's internal IP, on the internal interface, rather than blocking on port 80 period. This can be done with an extended access list. This should block only web traffic going to that one address. Or just turn off the web management period...much more effective.

Reply to
Trendkill

Are you trying to block access to the router's HTTP server so that it cannot be accessed from the outside, or are you trying to restrict access to the router's HTTP server so that most inside hosts cannot access it but a few systems can?

Reply to
Walter Roberson

Also have a look at "ip http access-class..."

Reply to
Martin Gallagher

access-list 101 remark *****
access-list 101 remark * Cisco 2811 Router interface FastEthernet1/0 inbound
access-list 101 remark *****
access-list 101 remark * Do not allow web management of the router
access-list 101 deny tcp any host 192.168.2.1 eq 80
access-list 101 remark * Allow all other traffic, including HTTP elsewhere
access-list 101 permit ip any any

----- Scott Perry Indianapolis, IN


Reply to
Scott Perry
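The `ip http access-class` suggestion from earlier in the thread, written out as an added example that is not part of any post here. It filters at the router's HTTP server itself, so it applies whichever router address a client targets, whereas the interface ACL above matches only 192.168.2.1 on TCP port 80. Assumptions: the management subnet is 192.168.1.0/24 and standard ACL number 10 is unused on the router.

```cisco
! Added example, not from the thread.
! Assumption: management subnet is 192.168.1.0/24, ACL 10 is free.
!
! Standard ACL naming the only sources allowed to reach the HTTP server
access-list 10 remark * Hosts allowed to use the router's web management
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 remark * Everything else is refused and logged
access-list 10 deny any log
!
! Keep the HTTP server enabled, but bind it to ACL 10
ip http server
ip http access-class 10
!
! Checks to run from exec mode after applying:
!   show ip http server status   (confirms the access class in use)
!   show access-lists 10         (match counters rise on denied attempts)
```

With this in place the office subnet keeps normal web access through the router, since the standard ACL is consulted only for connections to the router's own HTTP server.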
