From: sumedh rangari (sumedhr@gtllimited.com)
Date: Mon Sep 22 2003 - 04:29:00 GMT-3
Hi Tim,
Thanks for the prompt response.
Yes, i have tried with and without Quotes.
The Sample Config which i had used for my config is taken from the same document whic you have referred.
"The following example classifies, within class map foo, HTTP packets based on any URL containing the string whatsnew/latest followed by zero or more characters:
class-map foo
match protocol http url whatsnew/latest*
The following example classifies, within class map foo, packets based on any HOST name containing the string cisco followed by zero or more characters:
class-map foo
match protocol http host cisco*
The following example classifies, within class map foo, packets based on the JPEG MIME type:
class-map foo
match protocol http mime "*jpeg" "
Also the IP Cef was kept enabled during the last testing.
In the configuration example mentioned in your mail, it will block all URLs consisting of "/transact/" .
we want to block it if the necessary string appears in a particaluar website URL only.
Thanks & Regards
Sumedh
-----Original Message-----
From: Snow, Tim [mailto:timothy.snow@eds.com]
Sent: Monday, September 22, 2003 12:44 PM
To: sumedh rangari
Cc: 'ccielab@groupstudy.com'
Subject: RE: Traffic filtering on Router based on URLs
Can you try using your match statement with "" (quotes) per the following
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121
limit/121e/121e2/nbar2e.htm#xtocid2979330
Step 1 Classify all secure HTTP and HTTP traffic for the /transact/
directory:
Router(config)# class-map match-all http_transact
Router(config-cmap)# match protocol http url "/transact/*"
Router(config)# class-map match-all http_secure
Router(config-cmap)# match protocol secure-http
Router(config)# class-map match-any ecommerce
Router(config-cmap)# match class-map http_transact
Router(config-cmap)# match class-map http_secure
Although there are also configuration examples where they don't use the ""
You do have CEF turned on right?
Tim
#12042
-----Original Message-----
From: sumedh rangari [mailto:sumedhr@gtllimited.com]
Sent: Monday, September 22, 2003 2:11 AM
To: Ccielab (E-mail)
Subject: Traffic filtering on Router based on URLs
Hi Guys,
We had tried unsucessfully to filter traffic based on URLs
Matching Criteria : If the URL contains www.abc.com and /group/xyz then the
the HTTP request packet should be dropped. Allow HTTP request to other
groups on www.abc.com
Allow HTTP request to all Websites.
Tried Solution :
class-map match-all abc_groups
match protocol host www.abc.com
match protocol http url /group/xyz
policy-map drop-outbound-abc-http
class abc_groups
police cir 1000000 bc 31250 be 31250
conform-action drop
exceed-action drop
interface Serial11/1/2
Description " Internet Link"
service-policy output drop-outbound-abc-http
This solution doesnt seem to work.
Pls revert back with alternative solutions for the same or any corrections
in the above Solution.
rgds
Sumedh R
***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:33 GMT-3