Re: Security Question from Haroon on 2012-08-13 (Ccielab archives 08/2012)

From: Haroon <itguy.pro_at_gmail.com>
Date: Mon, 13 Aug 2012 10:04:04 -0400

sameer,

i just came to work and did this at our "router level" aka
production/internet router (why can't you just say on a ROUTER, wth is
router level?)

access-list 101 remark BLOCK_INTERNET_START
access-list 101 deny tcp host 192.168.66.124 any eq 443
access-list 101 permit tcp host 192.168.66.124 any eq 80
access-list 101 permit ip any any
access-list 101 remark BLOCK_INTERNET_END

blocks host 66.124 access to port 443 aka https but allows port 80 aka http
which is why i could get on http://www.facebook.com but could not logon as
it uses https for that... you can apply that to an interface... using this;

ip access-group 101 in

and it works!

On Mon, Aug 13, 2012 at 8:36 AM, sameer inam <i_sameer_at_hotmail.com> wrote:

> you are smelling WRONG MY FRIEND
>
>
>
> ------------------------------
> Date: Mon, 13 Aug 2012 15:40:46 +0530
> Subject: Re: Security Question
> From: ccie.butcher_at_gmail.com
> To: itguy.pro_at_gmail.com
> CC: i_sameer_at_hotmail.com; ccielab_at_groupstudy.com
>
>
> I am smelling a sweet fragerance of CCIECERT/PCL from him.
>
> On Mon, Aug 13, 2012 at 11:47 AM, Haroon <itguy.pro_at_gmail.com> wrote:
>
> sameer, you are not doing that # justice.. google it up dood
>
>
> http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_url_filtering.html
>
>
>
>
> On Mon, Aug 13, 2012 at 1:46 AM, sameer inam <i_sameer_at_hotmail.com> wrote:
>
> > Gents,
> > Can we block https traffic on router level ? if yes could you please send
> > me
> > document
> > Appreciate your kind help as always
> > Sameer
> >
> > CCIE#29978
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
>
>
> --
> Thanks and Regards
>
> ---------------------------------------------------------------------------
> Make them tensed who is creating tensions for you

Blogs and organic groups at http://www.ccie.net
Received on Mon Aug 13 2012 - 10:04:04 ART

This archive was generated by hypermail 2.2.0 : Sat Sep 01 2012 - 08:41:18 ART