Re: match protocol http url

From: John Matus (jmatus@pacbell.net)
Date: Sun Sep 04 2005 - 01:49:35 GMT-3

• Next message: John Matus: "Re: match protocol http url"
• Previous message: John Matus: "Re: match protocol http url"
• Maybe in reply to: nhqky888@ybb.ne.jp: "match protocol http url"
• Next in thread: John Matus: "Re: match protocol http url"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

opps, i put "mpeg" where i meant to put "gif"

Regards,

John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "John Matus" <jmatus@pacbell.net>
To: <nhqky888@ybb.ne.jp>; <ccielab@groupstudy.com>
Sent: Saturday, September 03, 2005 9:45 PM
Subject: Re: match protocol http url

> mmm. i think you match-not statement is off <i think>
> with this you will first match all http traffice "except" pictures and
> then drop it
> that leaves pictures to be matched in class pics where you can police it.
>
> class-map match-all http_not_pics
> match pro http
> match not pro http url "*.jpg"
> match not pro mime "*jpg"
> match not pro http url "*.mgeg"
> match not pro mime "*.mpeg"
>
> class-map match-all pics
> match pro http url "*.jpg"
> match pro mime "*jpg"
> match pro http url "*.mgeg"
> match pro mime "*.mpeg"
>
>
> policy-map pics
> class pics
> police cir 1000000
> class http_not_pics
> action drop
>
>
>
> Regards,
>
> John D. Matus
> MCSE, CCNP
> Office: 818-782-2061
> Cell: 818-430-8372
> jmatus@pacbell.net
> ----- Original Message -----
> From: <nhqky888@ybb.ne.jp>
> To: <ccielab@groupstudy.com>
> Sent: Saturday, September 03, 2005 9:28 PM
> Subject: match protocol http url
>
>
>> Hi all,
>>
>> Here is a task,
>>
>> Inbound http traffic including .gif, .jpeg, .jpg should be limited to
>> 100K.
>> All any other http files should be droped.
>>
>>
>> My solution;
>>
>>
>> ip cef
>> !
>> class-map match-any police
>> match protocol http url "*.gif"
>> match protocol http url "*.jpg"
>> match protocol http url "*.jpeg"
>> class-map match-all drop
>> match not class-map police
>> match protocol http url "*.*"
>> !
>> !
>> policy-map NBAR
>> class police
>> police cir 100000
>> conform-action transmit
>> exceed-action drop
>> class drop
>> drop
>> !
>> interface Ethernet0/0.9
>> encapsulation dot1Q 9
>> ip address 1.1.9.3 255.255.255.0
>> service-policy input NBAR
>> !
>>
>>
>> Does "*.*" mean any http files on my soluiton?
>>
>> Correct me if I am wrong.
>>
>>
>> KY
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: John Matus: "Re: match protocol http url"
• Previous message: John Matus: "Re: match protocol http url"
• Maybe in reply to: nhqky888@ybb.ne.jp: "match protocol http url"
• Next in thread: John Matus: "Re: match protocol http url"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3