From: Henk de Tombe (henk.de.tombe@qi.nl)
Date: Mon Oct 17 2005 - 07:10:49 GMT-3
Hi,
I've tested the following:
class-map match-all univercd
match protocol http url "*.gif"
match protocol http host "*cisco*"
policy-map test
class univercd
set ip precedence 7
*********** outbound test ************
Int fa1/0 (connected to host)
Service policy input test
Int atm 0/0.7 (connected to internet)
Ip access-group 199 out
*********** inbound test *************
Int fa1/0 (connected to host)
Ip access-group 199 out
Int atm 0/0.7 (connected to internet)
Service policy input test
access-list 199 deny ip any any precedence network
access-list 199 permit ip any any
Clear your browsers cache, shutdown the browser and try to connect to
univercd. You will see that the images (*.gif) will be missing. The menubar
of univercd will be missing. I fired up a packettracer and saw TCP
retransmissions for the requests that contains *.gif in the URL portion.
The retransmissions from the host are initiated when blocking URL inbound or
outbound. For the host it makes no difference. For the router it does make
difference, if you block URL on outbound/outgoing side, the HTTP get request
will never reach the webserver on the internet. When you block URL on
inbound/incoming side the request does make it at the webserver on the
internet, and is dropped when they come in at the router.
I prefer blocking URL/HOST on outgoing requests, because it's more
efficient.
Regards,
Henk
-----Oorspronkelijk bericht-----
Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Namens simon hart
Verzonden: maandag 17 oktober 2005 10:51
Aan: Group Study
Onderwerp: Match protocol http url | mime
Hi all,
I have been playing with this command and would like an opinion on the
direction by which this command should be applied. As an example I set up
the following:
Host----------e0-R1-e1--------------------Internet
The Host is a windows pc with IE explorer and packet capturing using
Ethereal
I apply the following commands
policy-map QOS
Class HTTP
drop
class-map HTTP
match url */image/*
service-policy out QOS or service-policy out QOS
Now my question is regarding the servic-policy command. In order to drop
anything associated with a directory string that contains /image/ should I
apply the command outbound on e0 or inbound.
In notice that when I have it applied as outbound then I get a number of
hits within the class map, however the web page will refresh - albeit
slowly.
If I put the command on inbound then I also get a number of hits in the
class-map, however upon refreshing the web page, the page will hang halfway
through.
So which would be more appropriate outbound or inbound?? Would this be the
same for mime requests?
Thanks
Simon
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.12.2/137 - Release Date: 16/10/2005
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3