Re: NBAR question

From: Serdar Kut (kutserdar@gmail.com)
Date: Mon Feb 19 2007 - 04:00:39 ART


hi guys,

For matching the whole URL, what about handling it with s-header-field for
HTTP packets coming from the web server, or c-header-field for HTTP packets coming
from clients? With that command it seems that we can match the whole URL
with this command only.

check this

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_m1h.htm#wp1128712

On 2/18/07, Ian Blaney <ian.blaney@gmail.com> wrote:
>
> Hi Victor
>
> Thanks for the link. The thing that is confusing me is take a look here
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_m1h.htm#wp1128712
>
> In the example section they give an example
>
> The following example classifies, within class map class3, packets
> based on the JPEG MIME type:
>
> class-map class3
> match protocol http mime "*jpeg"
>
> Have you by any chance tested it?
>
> Cheers
> Ian
>
>
>
> On 2/18/07, Victor Cappuccio <victor@ccbootcamp.com> wrote:
> >
> >
> >
> > Hi Ian
> >
> > Take a look here that Scott had already handled this topic
> > http://www.groupstudy.com/archives/ccielab/200609/msg00272.html
> >
> > thanks,
> > Victor Cappuccio.-
> > Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take
> > Cisco Learning credits!
> > victor@ccbootcamp.com
> > http://www.ccbootcamp.com (Cisco Training and Rental Racks)
> > http://www.ccbootcamp.com/groupstudy.html (groupstudy
> > member discounts!)
> > Voice: 702-968-5100
> > FAX: 702-446-8012
> >
> >
> >
> >
> > -----Original Message-----
> > From: Ian Blaney [mailto:ian.blaney@gmail.com]
> > Sent: Sun 2/18/2007 2:38
> > To: Victor Cappuccio
> > Cc: Jo Johnson; Cisco certification
> > Subject: Re: NBAR question
> >
> > Victor
> >
> > Could the DIE-SCUM class-map not be shortened to the following
> >
> > class-map match-all DIE-SCUM
> > description DROP IMAGES FROM THAT WEB SERVER
> > match class-map IMAGES
> > match class-map POLICE
> >
> > Also to match on images do you not use the mime option instead of url
> >
> > class-map match-any IMAGES
> > description MATCH ANY IMAGE
> > match protocol http mime "*jpeg"
> > match protocol http mime "*jpg"
> > match protocol http mime "*gif"
> >
> > Ian
> >
> >
> > On 2/18/07, Victor Cappuccio <victor@ccbootcamp.com> wrote:
> > > Hi Jo,
> > >
> > > Try this and let me know your comments
> > >
> > > policy-map CCBOOTCAMP
> > > description THIS PLCY IS TAKEN FROM A DRAFT VERSION OF THE NEW NLI WB
> > > class DIE-SCUM
> > > drop
> > > class POLICE
> > > police 64000
> > > class class-default
> > > !
> > >
> > > class-map match-any IMAGES
> > > description MATCH ANY IMAGE
> > > match protocol http url "*.jpg"
> > > match protocol http url "*.gif"
> > > match protocol http url "*.jpeg"
> > >
> > > class-map match-all POLICE
> > > description LETS POLICE BROWSING TO THAT WEBSERVER
> > > match protocol http host "www.acmecomputers.com"
> > > match protocol http url "/directory/*"
> > > match access-group 100
> > >
> > > class-map match-all DIE-SCUM
> > > description DROP IMAGES FROM THAT WEB SERVER
> > > match class-map IMAGES
> > > match protocol http host "www.acmecomputers.com"
> > > match protocol http url "/directory/*"
> > > match access-group 100
> > > !
> > >
> > > access-list 100 permit ip any any
> > >
> > >
> > > int f0/2
> > > service-policy input CCBOOTCAMP
> > >
> > >
> > > If you need help in the verification, let me know, maybe we can share a rack,
> > > and explain how to test this.
> > >
> > > thanks,
> > > Victor Cappuccio.-
> > > Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take
> > > Cisco Learning credits!
> > > victor@ccbootcamp.com
> > > http://www.ccbootcamp.com (Cisco Training and Rental Racks)
> > > http://www.ccbootcamp.com/groupstudy.html (groupstudy member discounts!)
> > > Voice: 702-968-5100
> > > FAX: 702-446-8012
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com on behalf of Jo Johnson
> > > Sent: Sat 2/17/2007 13:00
> > > To: Cisco certification
> > > Subject: NBAR question
> > >
> > > Hi all,
> > >
> > > Here is another NBAR question. In general, I have a hard time understanding
> > > the definition of the "match protocol http (host, url, and mime)" command,
> > > but I have some examples of my interpretation below:
> > >
> > >
> > > I want to police response traffic from www.acmecomputers.com/files except
> > > images--that I want to drop.
> > >
> > > Question-Is it possible to combine the host www.acmecomputers.com and the
> > > url /files into one match statement? Also, what are your thoughts on my
> > > solution below?
> > >
> > > Thanks
> > >
> > > class-map IMAGES
> > > match protocol http url *.jpeg
> > > match protocol http url *.jpg
> > > match protocol http url *.gif
> > >
> > > class-map match-all ACME_TRAFFIC
> > > match protocol http host www.acmecomputers.com
> > > match protocol http url /directory*
> > >
> > > policy-map DROPIT
> > > class IMAGES
> > > drop
> > >
> > > policy-map POLICE
> > > class ACME_TRAFFIC
> > > service-policy input DROPIT
> > > police 640000 conform transmit exceed drop
> > >
> > >
> > > interface fa0/0
> > > service-policy input POLICE
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART
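
An added example, not part of any message in this thread: a small Python model of the class-map logic discussed above, showing that the shortened DIE-SCUM built from `match class-map IMAGES` and `match class-map POLICE` classifies the same as the expanded one, and that DIE-SCUM has to precede POLICE in the policy-map because the first matching class wins. The sample requests and the names DIE-SCUM-SHORT, SHORTENED and REVERSED are constructed; access-list 100 (permit ip any any) is treated as always true, and only the boolean logic is modelled, not NBAR's packet inspection.

```python
from fnmatch import fnmatchcase

# Class-maps from the thread as (mode, criteria). "class" is a nested class-map;
# "acl" is access-list 100. Assumption: NBAR "*" is modelled as a Python glob.
CLASS_MAPS = {
    "IMAGES": ("any", [("url", "*.jpg"), ("url", "*.gif"), ("url", "*.jpeg")]),
    "POLICE": ("all", [("host", "www.acmecomputers.com"),
                       ("url", "/directory/*"), ("acl", 100)]),
    "DIE-SCUM": ("all", [("class", "IMAGES"),
                         ("host", "www.acmecomputers.com"),
                         ("url", "/directory/*"), ("acl", 100)]),
    # Ian's shortened form (hypothetical name, so both versions sit side by side)
    "DIE-SCUM-SHORT": ("all", [("class", "IMAGES"), ("class", "POLICE")]),
}

def criterion_matches(kind, value, request):
    if kind == "class":
        return class_matches(value, request)
    if kind == "acl":
        return True  # permit ip any any
    return fnmatchcase(request[kind], value)

def class_matches(name, request):
    mode, criteria = CLASS_MAPS[name]
    combine = all if mode == "all" else any  # match-all = AND, match-any = OR
    return combine(criterion_matches(k, v, request) for k, v in criteria)

def classify(policy, request):
    # Classes are checked in configured order; the first match decides the action.
    for class_name, action in policy:
        if class_matches(class_name, request):
            return action
    return "class-default"

CCBOOTCAMP = [("DIE-SCUM", "drop"), ("POLICE", "police 64000")]
SHORTENED = [("DIE-SCUM-SHORT", "drop"), ("POLICE", "police 64000")]
REVERSED = [("POLICE", "police 64000"), ("DIE-SCUM", "drop")]

# Constructed sample requests (Host header and URL path).
SAMPLES = [
    {"host": "www.acmecomputers.com", "url": "/directory/logo.jpg"},
    {"host": "www.acmecomputers.com", "url": "/directory/index.html"},
    {"host": "www.acmecomputers.com", "url": "/other/pic.gif"},
    {"host": "www.example.net", "url": "/directory/a.jpeg"},
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req["url"], [classify(p, req) for p in (CCBOOTCAMP, SHORTENED, REVERSED)])
```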