Re: RE : MQC to filter MIME-types

From: Joseph D. Phillips (josephdphillips@fastmail.us)
Date: Sat Sep 18 2004 - 10:41:31 GMT-3

• Next message: john matijevic: "RE: RE : NAT"
• Previous message: alsontra@hotmail.com: "Re: Frame Relay Voice Fragmentation"
• Maybe in reply to: Richard Dumoulin: "RE : MQC to filter MIME-types"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thank you very much.

Carlos G Mendioroz wrote:

> Well, there are two concepts/things: names and content. Content type
> to be more precise.
>
> URL matches are on names, those that we are used to have with
> extensions denoting content type.
>
> Then MIME matches are on MIME content type.
>
> If you see in the type/subtype table, there is no jpg there. Type is
> image, subtype is jpeg. But in windows, the associated extension is jpg.
> If the http server was a unix based one, the associated extension
> would have been jpeg.
>
> If you want to filter on content type, then match protocol http mime
> would be the choice. But as we are used to file names denoting content
> type, match protocol http url can also be used. If you are told about
> filtering *.jpg, then we are talking about names, not content type.
>
> HTH.
>
> Richard Dumoulin wrote:
>
>> Here I have to disagree. With the "match protocol http url" command
>> you are matching http traffic by the url.
>> Jpg, jpeg etc... are mime types so to match traffic based on this you
>> have to use the "match protocol http mime ..." command,
>>
>> http://www.isi.edu/in-notes/iana/assignments/media-types/media-types
>>
>> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_r/qrfcmd5.htm#wp1066747
>>
>>
>>
>> --Richard
>>
>>
>> -----Message d'origine-----
>> De : Carlos G Mendioroz [mailto:tron@huapi.ba.ar]
>> Envoyi : Saturday, September 18, 2004 12:24 PM
>> @ : Julian Skelley
>> Cc : Joseph D. Phillips; group study
>> Objet : Re: MQC to filter MIME-types
>>
>> AFAIK, "protocol http mime" is for mime type, so "*image*" might be a
>> good parameter to it.
>> "protocol http url" should be used for matching the actual URL, usually
>> a file name, thus "*jpg" would work.
>> protocol http url "*.(jpg|bmp|gif|jpeg)" can be used instead of multiple
>> lines.
>>
>>
>> Julian Skelley wrote:
>>
>> > Hi Joseph
>> >
>> > I tried this last night with no success, I have set it up as the
>> doc suggest but can not seem to "catch" anything with the map.
>>
>> >
>> > I must have missed something but I am not sure what?!
>> >
>> > Can anyone help?
>> >
>> > Thanks
>> > J
>> >
>> > The set up was:
>> >
>> > WWW_SERVER---174.1.167.x---[r6]---174.1.26.x---BROWSER
>> >
>> > r6
>> > ip cef
>> > !
>> > class-map match-any PICS
>> > match protocol http mime "*jpg"
>> > match protocol http mime "*gif"
>> > match protocol http mime "*jpeg"
>> > !
>> > policy-map HTTP_OUT
>> > class PICS
>> > drop > !
>> > interface FastEthernet0/0.26
>> > encapsulation dot1Q 26
>> > ip address 174.1.26.6 255.255.255.0
>> > service-policy output HTTP_OUT
>> >
>> > r6#sh policy-map int f0/0.26
>> > FastEthernet0/0.26
>> >
>> > Service-policy input: HTTP_OUT
>> >
>> > Class-map: PICS (match-any)
>> > 0 packets, 0 bytes
>> > 5 minute offered rate 0 bps, drop rate 0 bps
>> > Match: protocol http mime "*jpg"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http mime "*gif"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > Match: protocol http mime "*jpeg"
>> > 0 packets, 0 bytes
>> > 5 minute rate 0 bps
>> > drop
>> >
>> > Class-map: class-default (match-any)
>> > 5972 packets, 434656 bytes
>> > 5 minute offered rate 0 bps, drop rate 0 bps
>> > Match: any
>> >
>> > -----Original Message-----
>> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
>> Behalf Of
>> > Joseph D. Phillips
>> > Sent: 17 September 2004 17:52
>> > To: group study
>> > Subject: MQC to filter MIME-types
>> >
>> >
>> > If you wanted to filter out all picture files from entering an
>> > interface, would you have to specify every extension, using MQC?
>> Or is
>> > there a way to filter them all at once?
>> >
>> > E.g. match protocol http mime "*jpeg"
>> > E.g. match protocol http mime "*tiff"
>> > E.g. match protocol http mime "*jpg"
>> > E.g. match protocol http mime "*gif"
>> > E.g. match protocol http mime "*bmp"
>> >
>> >
>> _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> > *********************************************************
>> > CONFIDENTIALITY NOTICE
>> > The information contained in this e-mail and any
>> > attachments to it are for the exclusive use of the
>> > intended recipient(s).
>> > It may be confidential and contain privileged information and will
>> be protected by copyright.
>> > If you are not the intended recipient(s) you must not review,
>> copy, distribute or in any other way use or rely on the information
>> contained in the message.
>>
>> >
>> > If you have received this e-mail in error, please notify us by
>> e-mail Administrator@itex.je, Tel: +44 1534 633633 or Fax: +44 1534
>> 633644 and then delete all copies from your system.
>>
>> >
>> > http://www.Itex.je
>> > http://www.Itex.gg
>> > http://www.ThisisJersey.com
>> > http://www.ThisisGuernsey.com
>> >
>> > *********************************************************
>> >
>> > This message has been checked for all known viruses by e:)scan.
>> For further information visit: http://www.activis.com/
>>
>> >
>> >
>> _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>> >
>>
>> --
>> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>> **********************************************************************
>> Any opinions expressed in the email are those of the individual and
>> not necessarily the company. This email and any files transmitted
>> with it are confidential and solely for the use of the intended
>> recipient. If you are not the intended recipient or the person
>> responsible for delivering it to the intended recipient, be advised
>> that you have received this email in error and that any
>> dissemination, distribution, copying or use is strictly prohibited.
>>
>> If you have received this email in error, or if you are concerned
>> with the content of this email please e-mail to:
>> e-security.support@vanco.info
>>
>> The contents of an attachment to this e-mail may contain software
>> viruses which could damage your own computer system. While the sender
>> has taken every reasonable precaution to minimise this risk, we
>> cannot accept liability for any damage which you sustain as a result
>> of software viruses. You should carry out your own virus checks
>> before opening any attachments to this e-mail.
>> **********************************************************************
>
>

• Next message: john matijevic: "RE: RE : NAT"
• Previous message: alsontra@hotmail.com: "Re: Frame Relay Voice Fragmentation"
• Maybe in reply to: Richard Dumoulin: "RE : MQC to filter MIME-types"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Oct 01 2004 - 15:00:46 GMT-3