Re: Match protocol http url | mime

From: The Great Ryan (pv.ryan@gmail.com)
Date: Mon Oct 17 2005 - 12:07:38 GMT-3

• Next message: Christopher M. Heffner: "RE: IDS Best Practice"
• Previous message: Andrew Lissitz \(alissitz\): "RE: max-metric router-lsa on-startup wait-for-bgp"
• Maybe in reply to: simon hart: "Match protocol http url | mime"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Just want to answer question about direction for "match protocol http"

"match protocol http url" is matched when client initiate HTTP request ?
"match protocol http mime" is matched when HTTP server return traffic
to client ?
"match protocol http host" is matched when HTTP server return traffic
to client ?

Please correct me if there is any mistake above. Thanks !

Regards,
Ryan

2005/10/17, Scott Morris <swm@emanon.com>:
> Matching on the URL string would assume (generally not a good idea) that
> everyone puts their pictures into an /images/ directory.
>
> If you match on MIME types for "image/*" then that will cover any type of
> image (GIF, JPG, etc) no matter what the filename or originating directory
> structure.
>
> Just a thought. It's Monday though, and I haven't been caffienated yet.
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tim
> Sent: Monday, October 17, 2005 7:45 AM
> To: 'simon hart'; 'Group Study'
> Subject: RE: Match protocol http url | mime
>
> Hi Simon,
>
> As unusual and unfortunately, I can't give you a definitive answer to your
> excellent question.
>
> However, for purposes of what to do if confronted with this scenario and
> uncertainty in the lab, I would advise you, if possible, to cover all bases
> by applying the policy in both directions.
>
> This way you don't lost points regardless of what the true answer is.
>
> I also suspect that you will be given subtle "clues" with the working of the
> question which may include words such as "requests" or "replies" which may
> indicate in which direction the policy should be applied. This, in combo
> with being told on which interface your policy should be applied may be all
> the info you need to correctly meet the task requirements.
>
> Of course, if there's still any ambiguity, I would approach the proctor with
> a "do they mean this or do they mean that" type of question.
>
> Also, keep in mind, if have to apply your policy to either "this" type of
> traffic or "that" type of traffic, that the class-map command makes it easy
> to handle this type of problem by allowing you the option of "match-any" or
> "match-all" construct.
>
> I mention this last point only because I remember struggling to solve a
> similar type of problem by using something like this:
>
> Class-map HTTP
> match http <reg-exp>
>
> While using a <reg-exp> to fulfill a "either" condition could work, by
> forgetting about the "match-any" option, I made my life much more difficult,
> unnecessarily.
>
> HTH, Tim
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> simon hart
> Sent: Monday, October 17, 2005 4:51 AM
> To: Group Study
> Subject: Match protocol http url | mime
>
> Hi all,
>
> I have been playing with this command and would like an opinion on the
> direction by which this command should be applied. As an example I set up
> the following:
>
> Host----------e0-R1-e1--------------------Internet
>
> The Host is a windows pc with IE explorer and packet capturing using
> Ethereal
>
> I apply the following commands
>
> policy-map QOS
> Class HTTP
> drop
>
> class-map HTTP
> match url */image/*
>
> service-policy out QOS or service-policy out QOS
>
> Now my question is regarding the servic-policy command. In order to drop
> anything associated with a directory string that contains /image/ should I
> apply the command outbound on e0 or inbound.
>
> In notice that when I have it applied as outbound then I get a number of
> hits within the class map, however the web page will refresh - albeit
> slowly.
>
> If I put the command on inbound then I also get a number of hits in the
> class-map, however upon refreshing the web page, the page will hang halfway
> through.
>
> So which would be more appropriate outbound or inbound?? Would this be the
> same for mime requests?
>
> Thanks
>
> Simon
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.344 / Virus Database: 267.12.2/137 - Release Date: 16/10/2005
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Christopher M. Heffner: "RE: IDS Best Practice"
• Previous message: Andrew Lissitz \(alissitz\): "RE: max-metric router-lsa on-startup wait-for-bgp"
• Maybe in reply to: simon hart: "Match protocol http url | mime"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:51 GMT-3