RE: match protocol http url

From: Gajewski Mariusz - TP POLPAK (Mariusz.Gajewski@telekomunikacja.pl)
Date: Tue Sep 06 2005 - 12:57:31 GMT-3


Guys,
  Please correct me if I'm wrong, but if I understand the task correctly -
we'll be matching on http responses from the server to clients - and if this
is the case - we need to match on:
Match proto http mime

Not:

Match proto http url

Am I right?

Cheers,
Mariusz

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Lewis (chrlewis)
Sent: Tuesday, September 06, 2005 5:41 PM
To: John Matus; nhqky888@ybb.ne.jp; ccielab@groupstudy.com
Subject: RE: match protocol http url

KY,

Your configuration looks close to me. I would do it slightly differently
though.

The basic constructs seem fine, matching on the file extensions listed (it
does not seem to be asking for matching on mime as the specifications are
with a period) and the drop class is a match all excluding the policed
traffic class.

I would just change the >>> match protocol http url "*.*"

To match protocol http host *

Your entry matches on anything after the www.anydomain.com portion so if an
HTTP request to www.cisco.com came through, it would make it, as there is
nothing after the .com, however matching on the host stops any requests.

Chris

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John
Matus
Sent: Saturday, September 03, 2005 11:53 PM
To: John Matus; nhqky888@ybb.ne.jp; ccielab@groupstudy.com
Subject: Re: match protocol http url

.....and i don't have a router in front of me so forgive me

1) can you "match-not" a class? if so..........interesting
2) i forget if you can match just http traffic w/ "match pro http" or if it
has to be "match pro http url *". if the latter is the case yours might be
correct.

Regards,

John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "John Matus" <jmatus@pacbell.net>
To: "John Matus" <jmatus@pacbell.net>; <nhqky888@ybb.ne.jp>;
<ccielab@groupstudy.com>
Sent: Saturday, September 03, 2005 9:49 PM
Subject: Re: match protocol http url

> oops, i put "mpeg" where i meant to put "gif"
>
>
> Regards,
>
> John D. Matus
> MCSE, CCNP
> Office: 818-782-2061
> Cell: 818-430-8372
> jmatus@pacbell.net
> ----- Original Message -----
> From: "John Matus" <jmatus@pacbell.net>
> To: <nhqky888@ybb.ne.jp>; <ccielab@groupstudy.com>
> Sent: Saturday, September 03, 2005 9:45 PM
> Subject: Re: match protocol http url
>
>
>> mmm. i think your match-not statement is off <i think> with this you
>> will first match all http traffic "except" pictures and then drop it
>> that leaves pictures to be matched in class pics where you can police
>> it.
>>
>> class-map match-all http_not_pics
>> match pro http
>> match not pro http url "*.jpg"
>> match not pro mime "*jpg"
>> match not pro http url "*.mgeg"
>> match not pro mime "*.mpeg"
>>
>> class-map match-all pics
>> match pro http url "*.jpg"
>> match pro mime "*jpg"
>> match pro http url "*.mgeg"
>> match pro mime "*.mpeg"
>>
>>
>> policy-map pics
>> class pics
>> police cir 1000000
>> class http_not_pics
>> action drop
>>
>>
>>
>> Regards,
>>
>> John D. Matus
>> MCSE, CCNP
>> Office: 818-782-2061
>> Cell: 818-430-8372
>> jmatus@pacbell.net
>> ----- Original Message -----
>> From: <nhqky888@ybb.ne.jp>
>> To: <ccielab@groupstudy.com>
>> Sent: Saturday, September 03, 2005 9:28 PM
>> Subject: match protocol http url
>>
>>
>>> Hi all,
>>>
>>> Here is a task,
>>>
>>> Inbound http traffic including .gif, .jpeg, .jpg should be limited
>>> to 100K.
>>> All any other http files should be dropped.
>>>
>>>
>>> My solution;
>>>
>>>
>>> ip cef
>>> !
>>> class-map match-any police
>>> match protocol http url "*.gif"
>>> match protocol http url "*.jpg"
>>> match protocol http url "*.jpeg"
>>> class-map match-all drop
>>> match not class-map police
>>> match protocol http url "*.*"
>>> !
>>> !
>>> policy-map NBAR
>>> class police
>>> police cir 100000
>>> conform-action transmit
>>> exceed-action drop
>>> class drop
>>> drop
>>> !
>>> interface Ethernet0/0.9
>>> encapsulation dot1Q 9
>>> ip address 1.1.9.3 255.255.255.0
>>> service-policy input NBAR
>>> !
>>>
>>>
>>> Does "*.*" mean any http files on my solution?
>>>
>>> Correct me if I am wrong.
>>>
>>>
>>> KY
>>>
>>
>> _____________________________________________________________________
>> __ Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
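
Added example (not part of the original thread): a small Python model of the two class-maps in KY's configuration, showing which requests the "*.*" URL pattern leaves unclassified and how the "host *" variant Chris suggests closes that gap. It assumes NBAR patterns behave like shell-style globs and that the url field is the part after the host name, as Chris describes; the sample requests are constructed.

```python
from fnmatch import fnmatchcase

# class-map match-any police (patterns taken from KY's configuration)
POLICE_URLS = ["*.gif", "*.jpg", "*.jpeg"]

# Constructed sample requests: (host, url portion after the host)
SAMPLE = [
    ("www.cisco.com", "/"),
    ("www.example.com", "/logo.gif"),
    ("www.example.com", "/photo.jpeg"),
    ("www.example.com", "/index.html"),
    ("www.example.com", "/download"),
]

def classify(host, url, drop_field, drop_pattern):
    """Return the policy-map class a request lands in.

    drop_field is "url" or "host": the field the drop class tests.
    Glob matching via fnmatch is an assumption standing in for NBAR.
    """
    if any(fnmatchcase(url, p) for p in POLICE_URLS):
        return "police"
    # class-map match-all drop: 'match not class-map police' already holds
    # here, so only the second match statement decides.
    value = url if drop_field == "url" else host
    if fnmatchcase(value, drop_pattern):
        return "drop"
    # Nothing matched: class-default, no action configured, so forwarded.
    return "class-default"

def escapes(requests, drop_field, drop_pattern):
    """Requests that neither class catches and that are therefore forwarded."""
    return [(h, u) for h, u in requests
            if classify(h, u, drop_field, drop_pattern) == "class-default"]

if __name__ == "__main__":
    for field, pattern in (("url", "*.*"), ("host", "*")):
        print(f"drop class: match protocol http {field} {pattern}")
        for h, u in SAMPLE:
            print(f"  {h}{u:<14} -> {classify(h, u, field, pattern)}")
        print(f"  forwarded unpoliced: {escapes(SAMPLE, field, pattern)}")
```
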



This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3