From: ccie2be (ccie2be@nyc.rr.com)
Date: Thu Nov 11 2004 - 18:57:26 GMT-3
Andy,
Thanks again for getting back to me.
Just let me make sure I fully understand you.
If I want to block web surfers from seeing any pictures in any format I
would do this:
class-map IMAGES
match prot http url "*images*"
or
match prot http mime "*images*"
Either one will work, but the 1st one is more efficient. Have I got that
right?
Now, is it possible using just 1 single match prot http command to specify
both jpeg and bmp or do I need multiple match prot statements?
For example, will this work?
class-map JPEG-&-BMP
match prot http mime "*jpeg | *bmp"
Thanks, Tim
----- Original Message -----
From: "Andy" <AndyMrozek@yahoo.com>
To: "'ccie2be'" <ccie2be@nyc.rr.com>; <swm@emanon.com>; "'Group Study'"
<ccielab@groupstudy.com>
Sent: Thursday, November 11, 2004 3:43 PM
Subject: RE: match protocol http [ url vs mime ]
> I have tried both url / mime type ... Both work ,as I have webserver and
> traffic generator .. In my opionon though I would use mime type as it
seems
> to drop it alot faster , and doesnt use as many network resourced , with a
> sniffer in the path between client / server you see lots of attempts from
> client to keep pulling information when using url type , but only a few
when
> using mime type , the only thing I thing about mime type we need to know
the
> various image types for example I had done "*image*" and it was blocking
> .bmp , .jpg, .gif so if you only are required to say block .bmp I think
then
> you can use mime type unless there is a way to only block .bmp mime type
but
> say let .jpg through...
>
> -Andy
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> ccie2be
> Sent: Thursday, November 11, 2004 12:27 PM
> To: swm@emanon.com; 'Group Study'
> Subject: Re: match protocol http [ url vs mime ]
>
>
> Hi Scott,
>
> Thanks for getting back to me.
>
> Before I posted the questions below I did a google and found the rfc for
> mime. Here's the link for anyone interested:
>
> http://www.mhonarc.org/~ehood/MIME/2045/rfc2045.html
>
> I started reading it but after a while my eyes glazed over and I didn't
find
> anything that actually helped me figure out whether I should use the url
or
> mime parameter of the match prot http command to accomplish this task.
>
> Maybe my brain isn't in good working order at the moment, but after
reading
> your response, I'm still not sure whether I should use the url or mime
> parameter in the match protocol http command to classify jpeg's, gif's,
> mpeg's, etc.
>
> So, let's say I want to block web surfers from downloading jpeg's and
avi's.
>
> Would I use
>
> match prot http url "*jpeg | *avi"
>
> or
>
> match prot http mime "*jpeg | *avi"
>
> Notice that I used the bar | to specify either jpeg OR avi. Is that OK?
>
> Thanks, Tim
>
> ----- Original Message -----
> From: "Scott Morris" <swm@emanon.com>
> To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
> <ccielab@groupstudy.com>
> Sent: Thursday, November 11, 2004 2:32 PM
> Subject: RE: match protocol http [ url vs mime ]
>
>
> > The protocol type represents a field within the HTTP structures... It
> will
> > never look like "*.jpeg". That's a filename call, and within the URL.
> >
> > MIME types are "image/jpeg", "image/gif", "video/avi" and things like
> > that... There's an RFC about Multimedia Independent Mail Extensions
> (MIME),
> > but I don't recall what its number is...
> >
> > Otherwise, take a look at your File Associations table in Windows and
> you'll
> > have an idea for different MIME types and their name.
> >
> > HTH,
> >
> >
> > Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service Provider)
> > #4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications Specialist,
> IP
> > Telephony Support Specialist, IP Telephony Design Specialist, CISSP
> > CCSI #21903
> > swm@emanon.com
> >
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > ccie2be
> > Sent: Thursday, November 11, 2004 12:31 PM
> > To: Group Study
> > Subject: match protocol http [ url vs mime ]
> >
> > Hi guys,
> >
> > I need some help figuring out when to use the "mime" parameter when
> matching
> > traffic.
> >
> > For example, if I want to apply a policy which filters or restricts
> traffic
> > that contains jpeg files which config should I use?
> >
> > class-map jpeg
> > match protocol http url "*.jpeg"
> >
> > or
> >
> > match protocol http mime "*.jpeg"
> >
> >
> > Also, can regular expressions be used within the quote marks?
> >
> > For example, is this OK?
> >
> > match prot http mime "*.jpeg | *.jpg | *.mpeg"
> >
> >
> > Any insight or help is greatly appreciated.
> >
> > TIA, Tim
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:42 GMT-3