From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Jun 03 2005 - 19:50:32 GMT-3
Hey Steve,
Actually, that missing * was a typo. I meant to include it.
The reason I posted this question was because the IE Solution was different.
This is the IE solution:
class-map match-all WEB-APP
match prot http host "www.web-based-app.com"
match prot http url "webapp/*"
As you can see, IE breaks it down into 2 match statements. And, I wanted to
know if the way I thought of would work being that it's different from the
IE Solution.
I know that often there is more than 1 correct way to accomplish something
but without knowing how to verify my config, I can't be sure if this is one
of them.
Thanks for getting back to me.
-----Original Message-----
From: Stephen Fisher [mailto:stephentfisher@yahoo.com]
Sent: Friday, June 03, 2005 6:28 PM
To: ccielab@groupstudy.com
Cc: ccie2be
Subject: Re: using NBAR to match web traffic
On Fri, Jun 03, 2005 at 01:52:45PM -0400, ccie2be wrote:
> I want to permit users to access only a web based application which
> has a root directory of
>
> http://www.web-based-app.com/webapp/
>
> Will this work?
>
> class-map WEB-APP
> match protocol http url "http://www.web-based-app.com/webapp/"
My notes from practicing this topic say that you need to put wildcards
or else it will match only what you specify for the URL field, so
try this:
match protocol http url "http://www.web-based-app.com/webapp/*"
Although I could be wrong?
> In the lab, if giving a similar fake url, is there any way to verify
> my config is correct?
I can't think of any other than knowing how it works before hand :(
Steve
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:40 GMT-3