Practice of setting a route table to restrict Website access

Source: Internet
Author: User
Tags website ip


Practice of setting a route table to restrict Website access
The website that received this experiment: for short, "website", PING the website domain name and obtain the IP address. The IP address ends with. 69 www.2cto.com. Then, we can find out how many hops the route goes through under tracert.
Www.2cto.com uses SolarWinds. Engineers to scan the IP address segment of the website. We know that there is a Cisco router in the website CIDR block, which transmits data through IP addresses and websites. This CISCO is probably required for forwarding and forwarding. After a while, I successfully logged on to the CISCO router. And query the configuration table, interface information, protocol type, etc. By editing and setting the route table, you can make the test site inaccessible.
Access-list 101 deny ip host website IP address any
Access-list 101 permit ip any
After the input is executed, the website cannot be accessed. Instructions for restoring Website access:
No access-list 101 deny ip host website IP any
Enter and run the command to restore the website. For example, you can specify which IP addresses cannot access the website, which ports cannot be accessed, and the protocol type. We can see that the command does not allow IP addresses ending with. 124 to access port 80 of the website over TCP.
The router mask is the opposite of the usual PC mask. For example, vro 255.255.0 of the PC is 0.0.0.255 in the routing table.
Input command execution, ending. 124 of IP hosts are no longer able to access the website through port 80. We can climb the wall to solve this problem for certain IP addresses or IP address segments ~~ You know.
Www.2cto.com PS:
As long as the website passes through the CISCO router to forward data, there is a hidden danger of restricted access. Therefore, after the system administrator completes the server security, the network administrator also needs to maintain the security of the routing and other devices.
It is best to add the following sentence: no snmp

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.