From: John Matus (jmatus@pacbell.net)
Date: Sun Sep 04 2005 - 01:45:36 GMT-3
mmm. i think you match-not statement is off <i think>
with this you will first match all http traffice "except" pictures and then
drop it
that leaves pictures to be matched in class pics where you can police it.
class-map match-all http_not_pics
match pro http
match not pro http url "*.jpg"
match not pro mime "*jpg"
match not pro http url "*.mgeg"
match not pro mime "*.mpeg"
class-map match-all pics
match pro http url "*.jpg"
match pro mime "*jpg"
match pro http url "*.mgeg"
match pro mime "*.mpeg"
policy-map pics
class pics
police cir 1000000
class http_not_pics
action drop
Regards,
John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: <nhqky888@ybb.ne.jp>
To: <ccielab@groupstudy.com>
Sent: Saturday, September 03, 2005 9:28 PM
Subject: match protocol http url
> Hi all,
>
> Here is a task,
>
> Inbound http traffic including .gif, .jpeg, .jpg should be limited to
> 100K.
> All any other http files should be droped.
>
>
> My solution;
>
>
> ip cef
> !
> class-map match-any police
> match protocol http url "*.gif"
> match protocol http url "*.jpg"
> match protocol http url "*.jpeg"
> class-map match-all drop
> match not class-map police
> match protocol http url "*.*"
> !
> !
> policy-map NBAR
> class police
> police cir 100000
> conform-action transmit
> exceed-action drop
> class drop
> drop
> !
> interface Ethernet0/0.9
> encapsulation dot1Q 9
> ip address 1.1.9.3 255.255.255.0
> service-policy input NBAR
> !
>
>
> Does "*.*" mean any http files on my soluiton?
>
> Correct me if I am wrong.
>
>
> KY
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3