From: Scott Morris (swm@emanon.com)
Date: Thu Aug 18 2005 - 09:14:46 GMT-3
It's a wildcard character. Otherwise you're expecting the string to start
with LOCATR.
Match "www*" will match damned near anything! :) But ".com*" will not.
The URL is the text being matched on.
As for which part(s) of regular expression matching are used and which
aren't, you'd have to ask the programmers about that logic (or lack
thereof).
Sorry I can't help more there!
Scott
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Thursday, August 18, 2005 8:12 AM
To: swm@emanon.com; 'Thomwin Chen'; ccielab@groupstudy.com
Subject: RE: observation on NBAR
Hey Scott,
Thanks to you I do understand the differences between mime type and
filenames.
I should have been more specific though about what really bothered me and
that's the last example:
match protocol http url "LOCATR*" didn't match
www.cisco.com/WWChannels/LOCATR/
match protocol http url "*LOCATR* match www.cisco.com/WWChannels/LOCATR/
Why, in this example, is the first asterisk needed?
As for the 1st example, I would say that no match occurred because jpg is
NOT a mime type, correct? And, the same for the mpg example.
match protocol http mime "*jpg" ---> didn't match anything (even the jpg
file
TIA, Tim
-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Thursday, August 18, 2005 7:30 AM
To: 'ccie2be'; 'Thomwin Chen'; ccielab@groupstudy.com
Subject: RE: observation on NBAR
Those observations are correct. Once you understand the difference between
the MIME type (MIME match image/jpeg) is a separate entity from the filename
(URL match "*jpg") then you're on the right track!
Disturbing? Well.. Ok, yeah. Mistakes do happen, especially in something
the size of Cisco's documentation! But nicely let someone know about it and
things can get fixed! I know everyone hates to think that, but given the
size and breadth of Cisco documentation, they're still the best out there!!
You can find damned near anything!
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Thursday, August 18, 2005 7:23 AM
To: 'Thomwin Chen'; ccielab@groupstudy.com
Subject: RE: observation on NBAR
Hey Thomas,
Excellent but highly disturbing observations.
How did you make your determination?
And, are you 100% sure you're observations are correct?
Assuming you are correct, these inconsistencies are very disturbing.
Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Thomwin Chen
Sent: Thursday, August 18, 2005 1:46 AM
To: ccielab@groupstudy.com
Subject: observation on NBAR
Hi All,
I just observed NBAR and tested it.
I use this following link :
http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guid
e09186a0080134add.html
and use this link sent by Scott Morris several days ago:
http://www.sfsu.edu/training/mimetype.htm
I just noticed that :
match protocol http mime "*jpg" ---> didn't match anything (even the jpg
file)
match protocol http mime "*jpeg" or match protocol http mime "image/jpeg"
---> match jpeg,jpg,jpe,jfif,pjpeg,pjp
match protocol http mime "*mpg" ---> didn't match anything (even the mpg
file)
match protocol http mime "*mpeg" or match protocol http mime "video/mpeg"
----> match mpeg,mpg,mpe,mpv,vbs,mpegv
match protocol http host "cisco*" ----> didn't match www.cisco.com match
protocol http host "*cisco*" -----> match www.cisco.com
match protocol http url "WWChannels*" match www.cisco.com/WWChannels/ match
protocol http url "*WWChannels*" match www.cisco.com/WWChannels/ match
protocol http url "LOCATR*" didn't match www.cisco.com/WWChannels/LOCATR/
match protocol http url "*LOCATR* match www.cisco.com/WWChannels/LOCATR/
Rgds,
Thomwin
---------------------------------
Start your day with Yahoo! - make it your home page
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3