From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Nov 12 2004 - 07:54:44 GMT-3
Hi Mark,
In the book, Cisco Router Firewall Security, on page 456, I found an example
where the pipe is used. What we were missing is that parentheses are also
needed. For example, "(blah | blahblah)"
Unfortunately, I don't have a way of testing that.
----- Original Message -----
From: "Mark H. Turpin" <MHTurpin@basspro.com>
To: "ccie2be" <ccie2be@nyc.rr.com>; <ccielab@groupstudy.com>
Sent: Thursday, November 11, 2004 6:29 PM
Subject: RE: match protocol http [ url vs mime ]
> I don't believe using the pipe inside quotes will work the way you want
> it to.
>
> i think the cisco way is using the -all or -any methods...
>
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Thursday, November 11, 2004 4:54 PM
> To: Mark H. Turpin
> Subject: Re: match protocol http [ url vs mime ]
>
> HeHeHe.
>
> Of course, that's the easy way to do this.
>
> But, let me ask you something.
>
> When you're taking the lab, if there's an easy way do to something and a
> difficult way to do the same thing, which way will CISCO insist you do
> it?
>
>
> ----- Original Message -----
> From: "Mark H. Turpin" <MHTurpin@basspro.com>
> To: "Group Study" <ccielab@groupstudy.com>
> Sent: Thursday, November 11, 2004 5:16 PM
> Subject: RE: match protocol http [ url vs mime ]
>
>
> > Can't you just use the class-map match type to do the or?
> >
> > 2600(config)#class-map ?
> > WORD class-map name
> > match-all Logical-AND all matching statements under this classmap
> > match-any Logical-OR all matching statements under this classmap
> >
> > So, if you're wanting to perform an AND operation, use -all. If
> you're
> > wanting to OR, I'd use match-any.
> >
> > -mark
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of
> > ccie2be
> > Sent: Thursday, November 11, 2004 2:27 PM
> > To: swm@emanon.com; 'Group Study'
> > Subject: Re: match protocol http [ url vs mime ]
> >
> > Hi Scott,
> >
> > Thanks for getting back to me.
> >
> > Before I posted the questions below I did a google and found the rfc
> for
> > mime. Here's the link for anyone interested:
> >
> > http://www.mhonarc.org/~ehood/MIME/2045/rfc2045.html
> >
> > I started reading it but after a while my eyes glazed over and I
> didn't
> > find
> > anything that actually helped me figure out whether I should use the
> url
> > or
> > mime parameter of the match prot http command to accomplish this task.
> >
> > Maybe my brain isn't in good working order at the moment, but after
> > reading
> > your response, I'm still not sure whether I should use the url or mime
> > parameter in the match protocol http command to classify jpeg's,
> gif's,
> > mpeg's, etc.
> >
> > So, let's say I want to block web surfers from downloading jpeg's and
> > avi's.
> >
> > Would I use
> >
> > match prot http url "*jpeg | *avi"
> >
> > or
> >
> > match prot http mime "*jpeg | *avi"
> >
> > Notice that I used the bar | to specify either jpeg OR avi. Is that
> OK?
> >
> > Thanks, Tim
> >
> > ----- Original Message -----
> > From: "Scott Morris" <swm@emanon.com>
> > To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
> > <ccielab@groupstudy.com>
> > Sent: Thursday, November 11, 2004 2:32 PM
> > Subject: RE: match protocol http [ url vs mime ]
> >
> >
> > > The protocol type represents a field within the HTTP structures...
> It
> > will
> > > never look like "*.jpeg". That's a filename call, and within the
> URL.
> > >
> > > MIME types are "image/jpeg", "image/gif", "video/avi" and things
> like
> > > that... There's an RFC about Multimedia Independent Mail Extensions
> > (MIME),
> > > but I don't recall what its number is...
> > >
> > > Otherwise, take a look at your File Associations table in Windows
> and
> > you'll
> > > have an idea for different MIME types and their name.
> > >
> > > HTH,
> > >
> > >
> > > Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service
> > Provider)
> > > #4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications
> > Specialist,
> > IP
> > > Telephony Support Specialist, IP Telephony Design Specialist, CISSP
> > > CCSI #21903
> > > swm@emanon.com
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > ccie2be
> > > Sent: Thursday, November 11, 2004 12:31 PM
> > > To: Group Study
> > > Subject: match protocol http [ url vs mime ]
> > >
> > > Hi guys,
> > >
> > > I need some help figuring out when to use the "mime" parameter when
> > matching
> > > traffic.
> > >
> > > For example, if I want to apply a policy which filters or restricts
> > traffic
> > > that contains jpeg files which config should I use?
> > >
> > > class-map jpeg
> > > match protocol http url "*.jpeg"
> > >
> > > or
> > >
> > > match protocol http mime "*.jpeg"
> > >
> > >
> > > Also, can regular expressions be used within the quote marks?
> > >
> > > For example, is this OK?
> > >
> > > match prot http mime "*.jpeg | *.jpg | *.mpeg"
> > >
> > >
> > > Any insight or help is greatly appreciated.
> > >
> > > TIA, Tim
> > >
> > >
> >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:42 GMT-3