RE: match protocol http url

From: Chris Lewis (chrlewis) (chrlewis@cisco.com)
Date: Tue Sep 06 2005 - 13:16:46 GMT-3


From what was posted, the requirement states this

" Inbound http traffic including .gif, .jpeg, .jpg should be limited to
100K."

In the absence of more information, I took inbound to mean inbound on a
specific interface, therefore it was not specified whether inbound
refers to flows from clients to servers or servers to clients. Also as
stated the .gif and .jpeg lead me to conclude the question is referring
to file extensions, not mime types.

I guess it all comes down to exact wording and interpretation of the
question.

Chris

-----Original Message-----
From: Gajewski Mariusz - TP POLPAK
[mailto:Mariusz.Gajewski@telekomunikacja.pl]
Sent: Tuesday, September 06, 2005 10:58 AM
To: Chris Lewis (chrlewis); John Matus; nhqky888@ybb.ne.jp;
ccielab@groupstudy.com
Subject: RE: match protocol http url

Guys,
  Please correct me if I'm wrong, but if I understand the task
correctly - we'll be matching on http responses from the server to
clients - and if this is the case - we need to match on:
Match proto http mime

Not :

Match proto http url

Am I right?

Cheers,
Mariusz

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Lewis (chrlewis)
Sent: Tuesday, September 06, 2005 5:41 PM
To: John Matus; nhqky888@ybb.ne.jp; ccielab@groupstudy.com
Subject: RE: match protocol http url

KY,

Your configuration looks close to me. I would do it slightly differently
though.

The basic constructs seem fine, matching on the file extensions listed
(it does not seem to be asking for matching on mime as the
specifications are with a period) and the drop class is a match all
excluding the policed traffic class.

I would just change the >>> match protocol http url "*.*"

To match protocol http host *

Your entry matches on anything after the www.anydomain.com portion so if
an HTTP request to www.cisco.com came through, it would make it, as
there is nothing after the .com, however matching on the host stops any
requests.

Chris

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John Matus
Sent: Saturday, September 03, 2005 11:53 PM
To: John Matus; nhqky888@ybb.ne.jp; ccielab@groupstudy.com
Subject: Re: match protocol http url

.....and i don't have a router in front of me so forgive me

1) can you "match-not" a class? if so..........interesting
2) i forget if you can match just http traffic w/ "match pro http" or
if it has to be "match pro http url *". if the latter is the case yours
might be correct.

Regards,

John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "John Matus" <jmatus@pacbell.net>
To: "John Matus" <jmatus@pacbell.net>; <nhqky888@ybb.ne.jp>;
<ccielab@groupstudy.com>
Sent: Saturday, September 03, 2005 9:49 PM
Subject: Re: match protocol http url

> oops, i put "mpeg" where i meant to put "gif"
>
>
> Regards,
>
> John D. Matus
> MCSE, CCNP
> Office: 818-782-2061
> Cell: 818-430-8372
> jmatus@pacbell.net
> ----- Original Message -----
> From: "John Matus" <jmatus@pacbell.net>
> To: <nhqky888@ybb.ne.jp>; <ccielab@groupstudy.com>
> Sent: Saturday, September 03, 2005 9:45 PM
> Subject: Re: match protocol http url
>
>
>> mmm. i think your match-not statement is off <i think> with this you
>> will first match all http traffic "except" pictures and then drop it
>> that leaves pictures to be matched in class pics where you can police
>> it.
>>
>> class-map match-all http_not_pics
>> match pro http
>> match not pro http url "*.jpg"
>> match not pro mime "*jpg"
>> match not pro http url "*.mgeg"
>> match not pro mime "*.mpeg"
>>
>> class-map match-all pics
>> match pro http url "*.jpg"
>> match pro mime "*jpg"
>> match pro http url "*.mgeg"
>> match pro mime "*.mpeg"
>>
>>
>> policy-map pics
>> class pics
>> police cir 1000000
>> class http_not_pics
>> action drop
>>
>>
>>
>> Regards,
>>
>> John D. Matus
>> MCSE, CCNP
>> Office: 818-782-2061
>> Cell: 818-430-8372
>> jmatus@pacbell.net
>> ----- Original Message -----
>> From: <nhqky888@ybb.ne.jp>
>> To: <ccielab@groupstudy.com>
>> Sent: Saturday, September 03, 2005 9:28 PM
>> Subject: match protocol http url
>>
>>
>>> Hi all,
>>>
>>> Here is a task,
>>>
>>> Inbound http traffic including .gif, .jpeg, .jpg should be limited
>>> to 100K.
>>> All other http files should be dropped.
>>>
>>>
>>> My solution;
>>>
>>>
>>> ip cef
>>> !
>>> class-map match-any police
>>> match protocol http url "*.gif"
>>> match protocol http url "*.jpg"
>>> match protocol http url "*.jpeg"
>>> class-map match-all drop
>>> match not class-map police
>>> match protocol http url "*.*"
>>> !
>>> !
>>> policy-map NBAR
>>> class police
>>> police cir 100000
>>> conform-action transmit
>>> exceed-action drop
>>> class drop
>>> drop
>>> !
>>> interface Ethernet0/0.9
>>> encapsulation dot1Q 9
>>> ip address 1.1.9.3 255.255.255.0
>>> service-policy input NBAR
>>> !
>>>
>>>
>>> Does "*.*" mean any http files in my solution?
>>>
>>> Correct me if I am wrong.
>>>
>>>
>>> KY
>>>
>>> ____________________________________________________________________
>>> ___ Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
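Added example, not part of the original thread: a simplified Python model of the `police` and `drop` classes discussed above, showing which requests fall through to class-default when the drop class tests `url "*.*"` and how testing `host *` catches them, as Chris describes. The glob matching via `fnmatch`, the treatment of the URL as the portion after the host name, and the sample requests are assumptions constructed for illustration; this is not NBAR's actual matching engine.

```python
from fnmatch import fnmatchcase

# Constructed model of: class-map match-any police
POLICE = [("url", "*.gif"), ("url", "*.jpg"), ("url", "*.jpeg")]

ORIGINAL = ("url", "*.*")   # match protocol http url "*.*"
REVISED = ("host", "*")     # match protocol http host *


def in_police(req):
    """match-any: one matching extension pattern is enough."""
    return any(fnmatchcase(req[field], glob) for field, glob in POLICE)


def classify(req, drop_test):
    """Return the class a request lands in, in policy-map order."""
    if in_police(req):
        return "police"
    field, glob = drop_test
    # class-map match-all drop: 'match not class-map police' held above,
    # so only the second test remains to be checked.
    if fnmatchcase(req[field], glob):
        return "drop"
    # No class matched: class-default has no action, traffic is forwarded.
    return "class-default"


# Constructed sample requests (host header plus the URL after the host).
SAMPLES = [
    {"host": "www.cisco.com", "url": "/"},
    {"host": "www.cisco.com", "url": "/images/logo.gif"},
    {"host": "www.cisco.com", "url": "/index.html"},
    {"host": "www.cisco.com", "url": "/downloads/"},
]


def compare(samples=SAMPLES):
    """List (url, class with original drop test, class with revised one)."""
    return [(r["url"], classify(r, ORIGINAL), classify(r, REVISED))
            for r in samples]


if __name__ == "__main__":
    for url, before, after in compare():
        print(f"{url:20} original={before:14} revised={after}")
```

In this model any URL without a period, such as `/` or `/downloads/`, lands in class-default under the original drop test and in `drop` under the revised one.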



This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3