NBAR service-policy direction question

From: san (san.study@gmail.com)
Date: Mon Feb 20 2006 - 04:09:57 GMT-3


Hi all,

protected network ------E0(Router)ATM0/0/0-------PublicN/w (server)

Question:
A virus has been identified by a specific trigger like "*cmd.exe". So, stop
all the GET messages for that.

Solution:
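! Classify HTTP traffic whose URL matches the trigger string
class-map match-any blockvirus
 match protocol http url "*cmd.exe"
! Drop all traffic in the class, whether conforming or exceeding
policy-map blockvirus
 class blockvirus
  police 8000 conform-action drop exceed-action drop
interface ATM0/0/0
 service-policy input blockvirus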

My Questions:
The question says GET messages should be blocked... But the solution looks for
"*cmd.exe" in the URL of the response (by way of applying the service
policy at input).

- Is the solution correct? Suggestions/alternatives?
- Does that mean the HTTP reply has the "query" in it?

Thanks
SAN


