From: Xiangling (xianglingzj@gmail.com)
Date: Tue Nov 28 2006 - 03:07:45 ART
IMHO there are 2 major differences.
1. Your ACL method only matches a destination port of 80, not the source
port, which means you match only HTTP requests but not responses.
2. The ACL method will not work if the server redefines another port
as the HTTP port.
Thus using NBAR will be more suitable here.
On 11/28/06, Lab Rat #109385382 <techlist01@gmail.com> wrote:
>
> If I was asked to match HTTP traffic (to later be policed), is there any
> difference between doing the following:
>
>
>
> class-map HTTP
> match protocol http
>
>
>
> with doing the following:
>
>
>
> access-list 100 permit tcp any any eq www
> class-map HTTP
> match access-group 100
>
>
>
> I've seen it done both ways, and I just want to know if there are any
> distinct functional differences between the two methods.
>
> Thanks,
>
> Ed
>
--
Thanks & Regards,
Xiangling
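The two approaches from this thread side by side, as an added configuration sketch that is not part of the original posts. The second ACL entry, the port 8080 mapping, the class-map and policy-map names, the police rate and the interface name are assumptions chosen for illustration.

```cisco
! --- ACL-based classification (as posted in the thread) ---
! The first entry matches only packets whose DESTINATION port is 80,
! i.e. client-to-server requests.
access-list 100 permit tcp any any eq www
! Assumed addition: match packets whose SOURCE port is 80 so that
! server-to-client responses are classified as well.
access-list 100 permit tcp any eq www any
!
class-map match-all HTTP-ACL
 match access-group 100
!
! Limits that remain with the ACL:
!  - a web server listening on another port is not matched
!  - any non-HTTP application using TCP/80 is matched anyway
!
! --- NBAR-based classification (as posted in the thread) ---
! NBAR requires CEF on the router.
ip cef
!
! Assumed addition: tell NBAR that HTTP may also run on TCP/8080.
ip nbar port-map http tcp 80 8080
!
class-map match-all HTTP-NBAR
 match protocol http
!
! --- Policing the classified traffic (values are placeholders) ---
policy-map POLICE-HTTP
 class HTTP-NBAR
  police 128000 conform-action transmit exceed-action drop
!
interface FastEthernet0/0
 service-policy input POLICE-HTTP
!
! Verification after traffic has passed:
!   show policy-map interface FastEthernet0/0
!   show ip nbar port-map http
```

Comparing the per-class packet counters in `show policy-map interface` for a policy using HTTP-ACL against one using HTTP-NBAR shows which traffic each method actually classifies.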
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART