RE: filter www traffic

From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Fri Dec 10 2004 - 14:31:05 GMT-3


Doesn't his question say filter traffic inbound from R2?

So it would be only one statement....

-----Original Message-----
From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
Sent: Friday, December 10, 2004 6:32 AM
To: ccie2be; ccie zeng; ccielab@groupstudy.com
Subject: RE: filter www traffic

        When a client sends an HTTP GET to a web server, is that WWW
traffic? When the server replies, is that also WWW traffic? Yes, they
both are. Therefore since the question didn't state which direction the
traffic flow is, I would assume to filter both.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
> Sent: Friday, December 10, 2004 7:36 AM
> To: ccie zeng; ccielab@groupstudy.com
> Subject: Re: filter www traffic
>
> Wei,
>
> When you say "filter", do you mean allow only www or deny www?
>
> Usually, filter means deny, so your permit statement really should be a
> deny statement.
>
> Now, I'm 95% sure that to filter www traffic, you want to filter traffic
> with a destination port of 80 which is what a client uses to request www.
> So, the correct acl statement would be:
>
> access-list 100 deny tcp any any eq www
> access-list 100 perm <enter what's permitted or all traffic will be
> blocked by implicit deny at end>
>
> HTH, Tim
> ----- Original Message -----
> From: "ccie zeng" <ccie.candidate@gmail.com>
> To: <ccielab@groupstudy.com>
> Sent: Friday, December 10, 2004 5:07 AM
> Subject: filter www traffic
>
>
> > Hi:
> > I have the following topology
> >
> > R1 --- R2
> > I was asked to configure on R1 to filter inbound www traffic from R2,
> > should I configure:
> >
> > access-list 100 permit tcp any any eq www
> > OR
> > access-list 100 permit tcp any eq www any
> >
> > Thanks
> > Wei
> >
> >


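Added example, not part of any message in this thread: a small first-match evaluator for the two ACL forms discussed above (`any any eq www` versus `any eq www any`), showing which direction of a web exchange each one catches. It models only `any` addresses and `eq` ports; the trailing `permit ip any any` line and the sample packet ports are constructed for illustration.

```python
import re

WWW = 80  # IOS keyword "www" is TCP port 80

# Subset of extended-ACL syntax: only "any" addresses and optional "eq <port>".
ACE = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+(tcp|ip)\s+any"
                 r"(?:\s+eq\s+(\S+))?\s+any(?:\s+eq\s+(\S+))?$")

def _port(token):
    if token is None:
        return None          # no "eq": any port matches
    return WWW if token == "www" else int(token)

def parse_acl(text):
    """Return a list of (action, src_port, dst_port) in configured order."""
    entries = []
    for line in text.strip().splitlines():
        m = ACE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        entries.append((m.group(1), _port(m.group(3)), _port(m.group(4))))
    return entries

def evaluate(entries, src_port, dst_port):
    """First match wins; a TCP packet that matches nothing hits the implicit deny."""
    for action, sp, dp in entries:
        if sp in (None, src_port) and dp in (None, dst_port):
            return action
    return "deny"

# Constructed sample TCP packets: (src_port, dst_port)
PACKETS = {"client GET": (49152, 80), "server reply": (80, 49152), "ssh": (49153, 22)}

DST_ONLY = """access-list 100 deny tcp any any eq www
access-list 100 permit ip any any"""
SRC_ONLY = """access-list 100 deny tcp any eq www any
access-list 100 permit ip any any"""
BOTH = """access-list 100 deny tcp any any eq www
access-list 100 deny tcp any eq www any
access-list 100 permit ip any any"""

def verdicts(acl_text):
    entries = parse_acl(acl_text)
    return {name: evaluate(entries, s, d) for name, (s, d) in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("dst www only", DST_ONLY), ("src www only", SRC_ONLY), ("both", BOTH)):
        print(label, verdicts(acl))
```

Which of the two single-statement forms applies on R1 inbound from R2 depends on whether the web servers or the clients sit behind R2; the two-statement form covers both cases.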

This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:26 GMT-3