From: Chris Lewis \(chrlewis\) (chrlewis@cisco.com)
Date: Tue Sep 13 2005 - 10:27:50 GMT-3
Hello Shun,
This has already been discussed in some detail on the list.
To find it I went to google advanced search and typed in
jpg jpeg mime Morris and restricted the search to groupstudy.com
As I remember the thread was between Tim and Scott. The first message is
at
http://shop.groupstudy.com/archives/ccielab/200411/msg00491.html
Click on thread index for the whole conversation. I think this already
covers most of what you'll nedd to know, if you still have specific
questions after that, please post again.
Cheers
Chris
-----Original Message-----
From: kumara.shunmugam@wipro.com [mailto:kumara.shunmugam@wipro.com]
Sent: Tuesday, September 13, 2005 1:14 AM
To: Chris Lewis (chrlewis); robnockowitz@msn.com;
Mariusz.Gajewski@telekomunikacja.pl; jmatus@pacbell.net;
nhqky888@ybb.ne.jp; ccielab@groupstudy.com
Subject: RE: match protocol http url
Chris
Can you explain a bit about these mine type and file extension if you
have time. What can be used for what? A one line description about each
feature will do? I think some fundamentals will correct the answer of
the below question
Do it only when your time permits..
Regards
Shunmugam
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Lewis (chrlewis)
Sent: Tuesday, September 06, 2005 10:28 AM
To: Rob Nockowitz; Mariusz.Gajewski@telekomunikacja.pl;
jmatus@pacbell.net; nhqky888@ybb.ne.jp; ccielab@groupstudy.com
Subject: RE: match protocol http url
If the question stated jpg, jpeg or gif without the periods I would
agree with you.
Mime types as you know are specified with the top level media type,
(text, audio,video, image or application) followed by a / and the sub
type such as gif, jpeg or whatever as you have shown in your example.
Files as we all know are denoted by a .xxx extension.
My understanding is that a file could contain elements of various MIME
types.
Is it possible that a file with the extension .gif could contain
elements with multiple different MIME types? If so, filtering on the
mime type would not police all the elements of the file.gif being
transferred.
Chris
-----Original Message-----
From: Rob Nockowitz [mailto:robnockowitz@msn.com]
Sent: Tuesday, September 06, 2005 12:06 PM
To: Chris Lewis (chrlewis); Mariusz.Gajewski@telekomunikacja.pl;
jmatus@pacbell.net; nhqky888@ybb.ne.jp; ccielab@groupstudy.com
Subject: RE: match protocol http url
i think this may be the deal:
when the browser asked for a web page or download, containing gif, jpeg
or jpg, the html code has a mime type specified.. for example image/jpeg
(which incldues jpeg and jpg) or image/gif... this is how your browser
knows what to do with it
so:
class match-any IMAGE
match protocol http mime "image/jpeg"
match protocol http mime "image/gif"
policy-map POLICE
class IMAGE
police 100000
rob
>From: "Chris Lewis (chrlewis)" <chrlewis@cisco.com>
>Reply-To: "Chris Lewis (chrlewis)" <chrlewis@cisco.com>
>To: "Gajewski Mariusz - TP POLPAK"
<Mariusz.Gajewski@telekomunikacja.pl>,
> "John Matus" <jmatus@pacbell.net>, <nhqky888@ybb.ne.jp>,
><ccielab@groupstudy.com>
>Subject: RE: match protocol http url
>Date: Tue, 6 Sep 2005 12:16:46 -0400
>
>From what was posted, the requirement states this
>
>" Inbound http traffic including .gif, .jpeg, .jpg should be limited to
>100K."
>
>In the absence of more information, I took inbound to mean inbound on a
>specific interface, therefore it was not specified whether inbound
>refers to flows from clients to servers or servers to clients. Also as
>stated the .gif and .jpeg lead me to conclude the question is referring
>to file extensions, not mime types.
>
>I guess it all comes down to exact wording and interpretation of the
>question.
>
>Chris
>
>-----Original Message-----
>From: Gajewski Mariusz - TP POLPAK
>[mailto:Mariusz.Gajewski@telekomunikacja.pl]
>Sent: Tuesday, September 06, 2005 10:58 AM
>To: Chris Lewis (chrlewis); John Matus; nhqky888@ybb.ne.jp;
>ccielab@groupstudy.com
>Subject: RE: match protocol http url
>
>Guys,
> Please correct me if I'm wrong but , If I understand the task
>correctly - we'll be matching on http responses from the serwer to
>clients - and if this is the case - we need to match on :
>Match proto http mime
>
>Not :
>
>Match proto http url
>
>Am I right ?
>
>Cheers,
>Mariusz
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Chris Lewis (chrlewis)
>Sent: Tuesday, September 06, 2005 5:41 PM
>To: John Matus; nhqky888@ybb.ne.jp; ccielab@groupstudy.com
>Subject: RE: match protocol http url
>
>
>KY,
>
>Your configuration looks close to me. I would do it slightly
>differently though.
>
>The basic constructs seem fine, matching on the file extensions listed
>(it does not seem to be asking for matching on mime as the
>specifications are with a period) and the drop class is a match all
>excluding the policed traffic class.
>
>I would just change the >>> match protocol http url "*.*"
>
>To match protocol http host *
>
>Your entry matches on anything after the www.anydomain.com portion so
>if an HTTP request to www.cisco.com came through, it would make it, as
>there is nothing after the .com, however matching on the host stops any
>requests.
>
>Chris
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>John Matus
>Sent: Saturday, September 03, 2005 11:53 PM
>To: John Matus; nhqky888@ybb.ne.jp; ccielab@groupstudy.com
>Subject: Re: match protocol http url
>
>.....and i don't have a router in from of me so forgive me
>
>1) can you "match-not" a class? if so..........interesting
>2) i forget if you can match just http traffice w/ "match pro http" or
>if it has to be "match pro http url *". if the later is the case yours
>might be correct.
>
>
>Regards,
>
>John D. Matus
>MCSE, CCNP
>Office: 818-782-2061
>Cell: 818-430-8372
>jmatus@pacbell.net
>----- Original Message -----
>From: "John Matus" <jmatus@pacbell.net>
>To: "John Matus" <jmatus@pacbell.net>; <nhqky888@ybb.ne.jp>;
><ccielab@groupstudy.com>
>Sent: Saturday, September 03, 2005 9:49 PM
>Subject: Re: match protocol http url
>
>
> > opps, i put "mpeg" where i meant to put "gif"
> >
> >
> > Regards,
> >
> > John D. Matus
> > MCSE, CCNP
> > Office: 818-782-2061
> > Cell: 818-430-8372
> > jmatus@pacbell.net
> > ----- Original Message -----
> > From: "John Matus" <jmatus@pacbell.net>
> > To: <nhqky888@ybb.ne.jp>; <ccielab@groupstudy.com>
> > Sent: Saturday, September 03, 2005 9:45 PM
> > Subject: Re: match protocol http url
> >
> >
> >> mmm. i think you match-not statement is off <i think> with this
> >> you will first match all http traffice "except" pictures and then
> >> drop it
>
> >> that leaves pictures to be matched in class pics where you can
> >> police
>it.
> >>
> >> class-map match-all http_not_pics
> >> match pro http
> >> match not pro http url "*.jpg"
> >> match not pro mime "*jpg"
> >> match not pro http url "*.mgeg"
> >> match not pro mime "*.mpeg"
> >>
> >> class-map match-all pics
> >> match pro http url "*.jpg"
> >> match pro mime "*jpg"
> >> match pro http url "*.mgeg"
> >> match pro mime "*.mpeg"
> >>
> >>
> >> policy-map pics
> >> class pics
> >> police cir 1000000
> >> class http_not_pics
> >> action drop
> >>
> >>
> >>
> >> Regards,
> >>
> >> John D. Matus
> >> MCSE, CCNP
> >> Office: 818-782-2061
> >> Cell: 818-430-8372
> >> jmatus@pacbell.net
> >> ----- Original Message -----
> >> From: <nhqky888@ybb.ne.jp>
> >> To: <ccielab@groupstudy.com>
> >> Sent: Saturday, September 03, 2005 9:28 PM
> >> Subject: match protocol http url
> >>
> >>
> >>> Hi all,
> >>>
> >>> Here is a task,
> >>>
> >>> Inbound http traffic including .gif, .jpeg, .jpg should be limited
> >>> to 100K.
> >>> All any other http files should be droped.
> >>>
> >>>
> >>> My solution;
> >>>
> >>>
> >>> ip cef
> >>> !
> >>> class-map match-any police
> >>> match protocol http url "*.gif"
> >>> match protocol http url "*.jpg"
> >>> match protocol http url "*.jpeg"
> >>> class-map match-all drop
> >>> match not class-map police
> >>> match protocol http url "*.*"
> >>> !
> >>> !
> >>> policy-map NBAR
> >>> class police
> >>> police cir 100000
> >>> conform-action transmit
> >>> exceed-action drop
> >>> class drop
> >>> drop
> >>> !
> >>> interface Ethernet0/0.9
> >>> encapsulation dot1Q 9
> >>> ip address 1.1.9.3 255.255.255.0
> >>> service-policy input NBAR
> >>> !
> >>>
> >>>
> >>> Does "*.*" mean any http files on my soluiton?
> >>>
> >>> Correct me if I am wrong.
> >>>
> >>>
> >>> KY
> >>>
> >>> __________________________________________________________________
> >>> __ ___ Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >>
> >> ___________________________________________________________________
> >> __ __ Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3