From: Scott Morris (swm@emanon.com)
Date: Sun Feb 04 2007 - 17:38:55 ART
The c-header is client-header while s-header is server-header. So it could
be something in the s-header you are looking for.
However, when you use the match-protocol information, the nice part is that
is bidirectional in nature. So if you just match protocol http url
*www.cisco.com/go/ccie* it will match things both outbound (from users) and
inbound (to users).
The c-header and s-header were introduced in 12.3(11)T (or 12.4 mainline),
so they'd be newer features to test on.
Example from the docs:
In the following example, any response message that contains
"http://www.cisco.com/routers" in the Content-Base, Content-Encoding,
Location, or Server header fields will be classified by NBAR. Typically, a
term with a format similar to "http://www.cisco.com/routers" would be found
in the Content-Base or Location header field of the response message:
match protocol http s-header-field *http://www.cisco.com/routers*
So all we're doing is differentiating whether you will match an inbound or
outbound packet there (client vs. server).
HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-J
IPexpert VP - Curriculum Development
IPexpert Sr. Technical Instructor
smorris@ipexpert.com
http://www.ipexpert.com
PS. Link:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1833/products_feature_guid
e09186a00804aedb8.html
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Thomas.W.Johnson@chase.com
Sent: Sunday, February 04, 2007 3:16 PM
To: ccielab@groupstudy.com
Subject: QoS Question
I have a rather complex Qos question. How do you match return traffic from
a URL? For example, I want to match return traffic from users on subnet
10.10.10.0/24 that are accessing the URL www.cisco.com/go/ccie
I saw in the documentation there are three match protocol http commands.
Match protocol http url, match protocol http c-header and match protocol
http s-header and I have a hunch the solution is in one of these commands
combined with an access-list, but I did not find the documentation about
these commands very clear.
Thanks in advance
- Thomas
**********************************************************************
This transmission may contain information that is privileged, confidential,
legally privileged, and/or exempt from disclosure under applicable law. If
you are not the intended recipient, you are hereby notified that any
disclosure, copying, distribution, or use of the information contained
herein (including any reliance thereon) is STRICTLY PROHIBITED. Although
this transmission and any attachments are believed to be free of any virus
or other defect that might affect any computer system into which it is
received and opened, it is the responsibility of the recipient to ensure
that it is virus free and no responsibility is accepted by JPMorgan Chase &
Co., its subsidiaries and affiliates, as applicable, for any loss or damage
arising in any way from its use. If you received this transmission in error,
please immediately contact the sender and destroy the material in its
entirety, whether in electronic or hard copy format. Thank you.
**********************************************************************
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:46 ART