RE: match protocol http url

From: Rob Nockowitz (robnockowitz@msn.com)
Date: Tue Sep 06 2005 - 14:05:58 GMT-3


i think this may be the deal:

when the browser asked for a web page or download, containing gif, jpeg or
jpg, the html code has a mime type specified.. for example image/jpeg (which
includes jpeg and jpg) or image/gif... this is how your browser knows what
to do with it

so:

class-map match-any IMAGE
 match protocol http mime "image/jpeg"
 match protocol http mime "image/gif"

policy-map POLICE
 class IMAGE
  police 100000

rob

>From: "Chris Lewis (chrlewis)" <chrlewis@cisco.com>
>Reply-To: "Chris Lewis (chrlewis)" <chrlewis@cisco.com>
>To: "Gajewski Mariusz - TP POLPAK" <Mariusz.Gajewski@telekomunikacja.pl>,
> "John Matus" <jmatus@pacbell.net>, <nhqky888@ybb.ne.jp>,
><ccielab@groupstudy.com>
>Subject: RE: match protocol http url
>Date: Tue, 6 Sep 2005 12:16:46 -0400
>
>From what was posted, the requirement states this
>
>" Inbound http traffic including .gif, .jpeg, .jpg should be limited to
>100K."
>
>In the absence of more information, I took inbound to mean inbound on a
>specific interface, therefore it was not specified whether inbound
>refers to flows from clients to servers or servers to clients. Also as
>stated the .gif and .jpeg lead me to conclude the question is referring
>to file extensions, not mime types.
>
>I guess it all comes down to exact wording and interpretation of the
>question.
>
>Chris
>
>-----Original Message-----
>From: Gajewski Mariusz - TP POLPAK
>[mailto:Mariusz.Gajewski@telekomunikacja.pl]
>Sent: Tuesday, September 06, 2005 10:58 AM
>To: Chris Lewis (chrlewis); John Matus; nhqky888@ybb.ne.jp;
>ccielab@groupstudy.com
>Subject: RE: match protocol http url
>
>Guys,
> Please correct me if I'm wrong but, if I understand the task
>correctly - we'll be matching on http responses from the server to
>clients - and if this is the case - we need to match on :
>Match proto http mime
>
>Not :
>
>Match proto http url
>
>Am I right ?
>
>Cheers,
>Mariusz
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Chris Lewis (chrlewis)
>Sent: Tuesday, September 06, 2005 5:41 PM
>To: John Matus; nhqky888@ybb.ne.jp; ccielab@groupstudy.com
>Subject: RE: match protocol http url
>
>
>KY,
>
>Your configuration looks close to me. I would do it slightly differently
>though.
>
>The basic constructs seem fine, matching on the file extensions listed
>(it does not seem to be asking for matching on mime as the
>specifications are with a period) and the drop class is a match all
>excluding the policed traffic class.
>
>I would just change the >>> match protocol http url "*.*"
>
>To match protocol http host *
>
>Your entry matches on anything after the www.anydomain.com portion so if
>an HTTP request to www.cisco.com came through, it would make it, as
>there is nothing after the .com, however matching on the host stops any
>requests.
>
>Chris
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>John Matus
>Sent: Saturday, September 03, 2005 11:53 PM
>To: John Matus; nhqky888@ybb.ne.jp; ccielab@groupstudy.com
>Subject: Re: match protocol http url
>
>.....and i don't have a router in front of me so forgive me
>
>1) can you "match-not" a class? if so..........interesting
>2) i forget if you can match just http traffic w/ "match pro http" or
>if it has to be "match pro http url *". if the latter is the case yours
>might be correct.
>
>
>Regards,
>
>John D. Matus
>MCSE, CCNP
>Office: 818-782-2061
>Cell: 818-430-8372
>jmatus@pacbell.net
>----- Original Message -----
>From: "John Matus" <jmatus@pacbell.net>
>To: "John Matus" <jmatus@pacbell.net>; <nhqky888@ybb.ne.jp>;
><ccielab@groupstudy.com>
>Sent: Saturday, September 03, 2005 9:49 PM
>Subject: Re: match protocol http url
>
>
> > oops, i put "mpeg" where i meant to put "gif"
> >
> >
> > Regards,
> >
> > John D. Matus
> > MCSE, CCNP
> > Office: 818-782-2061
> > Cell: 818-430-8372
> > jmatus@pacbell.net
> > ----- Original Message -----
> > From: "John Matus" <jmatus@pacbell.net>
> > To: <nhqky888@ybb.ne.jp>; <ccielab@groupstudy.com>
> > Sent: Saturday, September 03, 2005 9:45 PM
> > Subject: Re: match protocol http url
> >
> >
> >> mmm. i think your match-not statement is off <i think> with this you
> >> will first match all http traffic "except" pictures and then drop it
> >> that leaves pictures to be matched in class pics where you can police
> >> it.
> >>
> >> class-map match-all http_not_pics
> >>  match pro http
> >>  match not pro http url "*.jpg"
> >>  match not pro http mime "*jpg"
> >>  match not pro http url "*.mpeg"
> >>  match not pro http mime "*.mpeg"
> >>
> >> class-map match-any pics
> >>  match pro http url "*.jpg"
> >>  match pro http mime "*jpg"
> >>  match pro http url "*.mpeg"
> >>  match pro http mime "*.mpeg"
> >>
> >>
> >> policy-map pics
> >>  class pics
> >>   police cir 1000000
> >>  class http_not_pics
> >>   drop
> >>
> >>
> >>
> >> Regards,
> >>
> >> John D. Matus
> >> MCSE, CCNP
> >> Office: 818-782-2061
> >> Cell: 818-430-8372
> >> jmatus@pacbell.net
> >> ----- Original Message -----
> >> From: <nhqky888@ybb.ne.jp>
> >> To: <ccielab@groupstudy.com>
> >> Sent: Saturday, September 03, 2005 9:28 PM
> >> Subject: match protocol http url
> >>
> >>
> >>> Hi all,
> >>>
> >>> Here is a task,
> >>>
> >>> Inbound http traffic including .gif, .jpeg, .jpg should be limited
> >>> to 100K.
> >>> All other http files should be dropped.
> >>>
> >>>
> >>> My solution;
> >>>
> >>>
> >>> ip cef
> >>> !
> >>> class-map match-any police
> >>>  match protocol http url "*.gif"
> >>>  match protocol http url "*.jpg"
> >>>  match protocol http url "*.jpeg"
> >>> class-map match-all drop
> >>>  match not class-map police
> >>>  match protocol http url "*.*"
> >>> !
> >>> !
> >>> policy-map NBAR
> >>>  class police
> >>>   police cir 100000
> >>>    conform-action transmit
> >>>    exceed-action drop
> >>>  class drop
> >>>   drop
> >>> !
> >>> interface Ethernet0/0.9
> >>>  encapsulation dot1Q 9
> >>>  ip address 1.1.9.3 255.255.255.0
> >>>  service-policy input NBAR
> >>> !
> >>>
> >>>
> >>> Does "*.*" mean any http files in my solution?
> >>>
> >>> Correct me if I am wrong.
> >>>
> >>>
> >>> KY
> >>>
> >>> ____________________________________________________________________
> >>> ___ Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>



This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3
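
Added example, not part of the original thread and not Cisco's NBAR code: a simplified Python model of the three match types debated above, showing which HTTP message each one inspects and what the "*.*" catch-all lets through. Assumptions: url patterns are treated as globs against the request path, host patterns against the Host header, and mime values against the response Content-Type; the sample traffic and all function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample traffic (not taken from the thread).
REQUESTS = [  # client -> server: (Host header, request path)
    ("www.example.com", "/img/logo.gif"),
    ("www.example.com", "/photos/cat.jpeg"),
    ("www.example.com", "/index.html"),
    ("www.example.com", "/"),            # bare site request, no file name
    ("www.example.com", "/image?id=7"),  # image served without an extension
]
RESPONSES = ["image/gif", "image/jpeg", "text/html"]  # server -> client

IMAGE_URLS = ["*.gif", "*.jpg", "*.jpeg"]    # KY's "police" class
IMAGE_MIMES = {"image/jpeg", "image/gif"}    # Rob's IMAGE class


def classify_request(host, path, catch_all):
    """First-match classification of a request, modelling a policy-map.

    catch_all is ("url", pattern) or ("host", pattern) for the drop class.
    """
    if any(fnmatchcase(path, p) for p in IMAGE_URLS):
        return "police"
    field, pattern = catch_all
    value = path if field == "url" else host
    return "drop" if fnmatchcase(value, pattern) else "unclassified"


def classify_response(content_type):
    """MIME matching looks at the response header, not the requested name."""
    mime = content_type.split(";")[0].strip().lower()
    return "police" if mime in IMAGE_MIMES else "unclassified"


def compare():
    """Return per-request results for both catch-all variants."""
    return {
        path: (classify_request(host, path, ("url", "*.*")),
               classify_request(host, path, ("host", "*")))
        for host, path in REQUESTS
    }


if __name__ == "__main__":
    for path, (url_variant, host_variant) in compare().items():
        print(f"{path:20} url '*.*': {url_variant:13} host '*': {host_variant}")
    for ctype in RESPONSES:
        print(f"{ctype:20} mime match: {classify_response(ctype)}")
```

In this model the requests for "/" and "/image?id=7" fall outside both classes under the "*.*" catch-all, while the host catch-all drops them; the extension-less image is only recognised on the response side by its Content-Type.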