Re: RE : MQC to filter MIME-types

From: Carlos G Mendioroz (tron@huapi.ba.ar)
Date: Sat Sep 18 2004 - 08:45:37 GMT-3

• Next message: Yunming Song: "Cisco equipment available"
• Previous message: Richard Dumoulin: "RE : MQC to filter MIME-types"
• Maybe in reply to: Richard Dumoulin: "RE : MQC to filter MIME-types"
• Next in thread: Joseph D. Phillips: "Re: RE : MQC to filter MIME-types"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Well, there are two concepts/things: names and content. Content type to
be more precise.

URL matches are on names, those that we are used to have with extensions
denoting content type.

Then MIME matches are on MIME content type.

If you see in the type/subtype table, there is no jpg there. Type is
image, subtype is jpeg. But in windows, the associated extension is jpg.
If the http server was a unix based one, the associated extension would
have been jpeg.

If you want to filter on content type, then match protocol http mime
would be the choice. But as we are used to file names denoting content
type, match protocol http url can also be used. If you are told about
filtering *.jpg, then we are talking about names, not content type.

HTH.

Richard Dumoulin wrote:

> Here I have to disagree. With the "match protocol http url" command you
> are matching http traffic by the url.
> Jpg, jpeg etc... are mime types so to match traffic based on this you
> have to use the "match protocol http mime ..." command,
>
> http://www.isi.edu/in-notes/iana/assignments/media-types/media-types
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_r/qrfcmd5.htm#wp1066747
>
>
>
> --Richard
>
>
> -----Message d'origine-----
> De : Carlos G Mendioroz [mailto:tron@huapi.ba.ar]
> Envoyi : Saturday, September 18, 2004 12:24 PM
> @ : Julian Skelley
> Cc : Joseph D. Phillips; group study
> Objet : Re: MQC to filter MIME-types
>
> AFAIK, "protocol http mime" is for mime type, so "*image*" might be a
> good parameter to it.
> "protocol http url" should be used for matching the actual URL, usually
> a file name, thus "*jpg" would work.
> protocol http url "*.(jpg|bmp|gif|jpeg)" can be used instead of multiple
> lines.
>
>
> Julian Skelley wrote:
>
> > Hi Joseph
> >
> > I tried this last night with no success, I have set it up as the doc
> suggest but can not seem to "catch" anything with the map.
>
> >
> > I must have missed something but I am not sure what?!
> >
> > Can anyone help?
> >
> > Thanks
> > J
> >
> > The set up was:
> >
> > WWW_SERVER---174.1.167.x---[r6]---174.1.26.x---BROWSER
> >
> > r6
> > ip cef
> > !
> > class-map match-any PICS
> > match protocol http mime "*jpg"
> > match protocol http mime "*gif"
> > match protocol http mime "*jpeg"
> > !
> > policy-map HTTP_OUT
> > class PICS
> > drop
> > !
> > interface FastEthernet0/0.26
> > encapsulation dot1Q 26
> > ip address 174.1.26.6 255.255.255.0
> > service-policy output HTTP_OUT
> >
> > r6#sh policy-map int f0/0.26
> > FastEthernet0/0.26
> >
> > Service-policy input: HTTP_OUT
> >
> > Class-map: PICS (match-any)
> > 0 packets, 0 bytes
> > 5 minute offered rate 0 bps, drop rate 0 bps
> > Match: protocol http mime "*jpg"
> > 0 packets, 0 bytes
> > 5 minute rate 0 bps
> > Match: protocol http mime "*gif"
> > 0 packets, 0 bytes
> > 5 minute rate 0 bps
> > Match: protocol http mime "*jpeg"
> > 0 packets, 0 bytes
> > 5 minute rate 0 bps
> > drop
> >
> > Class-map: class-default (match-any)
> > 5972 packets, 434656 bytes
> > 5 minute offered rate 0 bps, drop rate 0 bps
> > Match: any
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Joseph D. Phillips
> > Sent: 17 September 2004 17:52
> > To: group study
> > Subject: MQC to filter MIME-types
> >
> >
> > If you wanted to filter out all picture files from entering an
> > interface, would you have to specify every extension, using MQC? Or is
> > there a way to filter them all at once?
> >
> > E.g. match protocol http mime "*jpeg"
> > E.g. match protocol http mime "*tiff"
> > E.g. match protocol http mime "*jpg"
> > E.g. match protocol http mime "*gif"
> > E.g. match protocol http mime "*bmp"
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> > *********************************************************
> > CONFIDENTIALITY NOTICE
> > The information contained in this e-mail and any
> > attachments to it are for the exclusive use of the
> > intended recipient(s).
> > It may be confidential and contain privileged information and will be
> protected by copyright.
> > If you are not the intended recipient(s) you must not review, copy,
> distribute or in any other way use or rely on the information contained
> in the message.
>
> >
> > If you have received this e-mail in error, please notify us by e-mail
> Administrator@itex.je, Tel: +44 1534 633633 or Fax: +44 1534 633644 and
> then delete all copies from your system.
>
> >
> > http://www.Itex.je
> > http://www.Itex.gg
> > http://www.ThisisJersey.com
> > http://www.ThisisGuernsey.com
> >
> > *********************************************************
> >
> > This message has been checked for all known viruses by e:)scan. For
> further information visit: http://www.activis.com/
>
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
> --
> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
> **********************************************************************
> Any opinions expressed in the email are those of the individual and not
> necessarily the company. This email and any files transmitted with it
> are confidential and solely for the use of the intended recipient. If
> you are not the intended recipient or the person responsible for
> delivering it to the intended recipient, be advised that you have
> received this email in error and that any dissemination, distribution,
> copying or use is strictly prohibited.
>
> If you have received this email in error, or if you are concerned with
> the content of this email please e-mail to: e-security.support@vanco.info
>
> The contents of an attachment to this e-mail may contain software
> viruses which could damage your own computer system. While the sender
> has taken every reasonable precaution to minimise this risk, we cannot
> accept liability for any damage which you sustain as a result of
> software viruses. You should carry out your own virus checks before
> opening any attachments to this e-mail.
> **********************************************************************

-- 
Carlos G Mendioroz  <tron@huapi.ba.ar>  LW7 EQI  Argentina

• Next message: Yunming Song: "Cisco equipment available"
• Previous message: Richard Dumoulin: "RE : MQC to filter MIME-types"
• Maybe in reply to: Richard Dumoulin: "RE : MQC to filter MIME-types"
• Next in thread: Joseph D. Phillips: "Re: RE : MQC to filter MIME-types"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:45 GMT-3