RE: using NBAR to match web traffic

From: Sam Joseph (samjoseph747@hotmail.com)
Date: Fri Jun 03 2005 - 19:58:24 GMT-3

• Next message: John Matus: "ospf area 0.0.0.0"
• Previous message: Stephen Fisher: "Re: SLB"
• Maybe in reply to: ccie2be: "using NBAR to match web traffic"
• Next in thread: sumit.kumar@comcast.net: "RE: using NBAR to match web traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

How about this Config:

class-map match-all WEB-APP
match protocol http host *www.web-based-app.com*
match protocol http url *webapp/*

Thanks.

>From: "ccie2be" <ccie2be@nyc.rr.com>
>Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
>To: "'Stephen Fisher'" <stephentfisher@yahoo.com>, "Group Study"
><ccielab@groupstudy.com>
>Subject: RE: using NBAR to match web traffic
>Date: Fri, 3 Jun 2005 18:50:32 -0400
>
>Hey Steve,
>
>Actually, that missing * was a typo. I meant to include it.
>
>The reason I posted this question was because the IE Solution was
>different.
>
>This is the IE solution:
>
>class-map match-all WEB-APP
> match prot http host "www.web-based-app.com"
> match prot http url "webapp/*"
>
>
>As you can see, IE breaks it down into 2 match statements. And, I wanted
>to
>know if the way I thought of would work being that it's different from the
>IE Solution.
>
>I know that often there is more than 1 correct way to accomplish something
>but without knowing how to verify my config, I can't be sure if this is one
>of them.
>
>Thanks for getting back to me.
>
>-----Original Message-----
>From: Stephen Fisher [mailto:stephentfisher@yahoo.com]
>Sent: Friday, June 03, 2005 6:28 PM
>To: ccielab@groupstudy.com
>Cc: ccie2be
>Subject: Re: using NBAR to match web traffic
>
>On Fri, Jun 03, 2005 at 01:52:45PM -0400, ccie2be wrote:
>
> > I want to permit users to access only a web based application which
> > has a root directory of
> >
> > http://www.web-based-app.com/webapp/
> >
> > Will this work?
> >
> > class-map WEB-APP
> > match protocol http url "http://www.web-based-app.com/webapp/"
>
>My notes from practicing this topic say that you need to put wildcards
>or else it will match only what you specify for the URL field, so
>try this:
>
> match protocol http url "http://www.web-based-app.com/webapp/*"
>
>Although I could be wrong?
>
> > In the lab, if giving a similar fake url, is there any way to verify
> > my config is correct?
>
>I can't think of any other than knowing how it works before hand :(
>
>
>Steve
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: John Matus: "ospf area 0.0.0.0"
• Previous message: Stephen Fisher: "Re: SLB"
• Maybe in reply to: ccie2be: "using NBAR to match web traffic"
• Next in thread: sumit.kumar@comcast.net: "RE: using NBAR to match web traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:40 GMT-3