In his example, yes, that's as fara s he takes it. However the product can do much more:<div><br></div><div><div><font class="Apple-style-span" face="'courier new', monospace">! HTTP Inspection</font></div><div>
<div><font class="Apple-style-span" face="'courier new', monospace">class-map type inspect http match-any http_url_inspection_class</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> ! Matches the host portion like you said</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> match request header host regex class http_host_keywords</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> ! Matches the URI path like I was saying "ccmadmin", "ccmuser", etc.</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> match request uri regex class uri_path_keywords</font></div><div><font class="Apple-style-span" face="'courier new', monospace"> ! Matches the query string params "device=SEP111122223333", etc.</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace"> match request args regex class query_param_keywords</font></div></div><div><br></div><div>Now, from your other reply, about ccmuser pointing to ccmadmin resources, that makes this a bit trickier, but not an invalid solution.</div>
<div><br></div>Anthony</div><div><br><div class="gmail_quote">On Fri, Feb 25, 2011 at 9:07 AM, Lelio Fulgenzi <span dir="ltr"><<a href="mailto:lelio@uoguelph.ca">lelio@uoguelph.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#FFFFFF"><div>As far as I know, you can not filter past the domain name, i.e. part of the URL path itself. Since they're both going to the same host, I don't believe this will help. <br><br>Sent from my iPhone</div>
<div><div></div><div class="h5"><div><br>On Feb 25, 2011, at 10:01 AM, Anthony Holloway <<a href="mailto:avholloway+cisco-voip@gmail.com" target="_blank">avholloway+cisco-voip@gmail.com</a>> wrote:<br><br></div><div>
</div><blockquote type="cite"><div>One possible solution: You could implement a firewall solution which filters traffic such that only your desired personnel can access the ccmadmin page.<div><br></div><div>Check this posting by our community member go0se for a filtering by URL on an ASA tutorial: <a href="http://atc.go0se.com/?p=904" target="_blank"></a><a href="http://atc.go0se.com/?p=904" target="_blank">http://atc.go0se.com/?p=904</a></div>
<div><br></div><div><a href="http://atc.go0se.com/?p=904" target="_blank"></a>Anthony<br><br><div class="gmail_quote">On Fri, Feb 25, 2011 at 7:56 AM, Lelio Fulgenzi <span dir="ltr"><<a href="mailto:lelio@uoguelph.ca" target="_blank"></a><a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm just wondering what others are doing to deliver CCMuser pages and/or equivalent while protecting the CCMadmin pages.<br>
<br>
As far as I know, you can not change the port on which CCMadmin pages are served. This means someone who can reach the CCMuser pages can also reach the CCMadmin pages.<br>
<br>
In this world of people writing passwords on post-it notes, weak passwords, shared passwords, workstations without proper protection, etc., thus worries me. Our environment here can be considered a bit 'hostile' since we're not using NAC on our wired ports and all ports are pretty much open. I'm not sure even VPN would help, since the same passwords are used, so a stollen password would get them through that.<br>
<br>
In the past we have used a reverse proxy which has worked well, but I'm finding it difficult to find support to get that working again. I'm also not sure if that is directional.<br>
<br>
What have others done to protect CCMadmin pages? Or have they simply implemented things using AXL?<br>
<br>
Anybody seen any packaged AXL solutions that can deliver what CCMuser pages can deliver?<br>
<br>
Sent from my iPhone<br>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank"></a><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank"></a><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote></div><br></div>
</div></blockquote></div></div></div></blockquote></div><br></div>