From: Rich Collins (nilsi2002@gmail.com)
Date: Fri Oct 05 2007 - 17:55:21 ART
Joe,
That's nice you put up this example.
I guess for the class-map DIE you could also substitute "match class-map
IMAGES"
with - match protocol http mime "image/*"
Rich
On 10/5/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
>
> Thomas,
>
> The great Mr. Cappuccio has answered this before... here is my version of
> his wonderful config. Forget CCO its not much help for this. Oh, and yeah
> I
> tested it in my office... it works!
>
>
> access-list 100 remark to VLAN_34
> access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
>
> class-map match-all IMAGES
> match protocol http url "*.jpg|*.jpeg|*.gif"
>
> class-map match-all POLICE
> match access-group 100
> match protocol http host "www.affirmedsystems.com"
> match protocol http url "directory/*"
>
> class-map match-all DIE
> match access-group 100
> match protocol http host "www.affirmedsystems.com"
> match protocol http url "directory/*"
> match class-map IMAGES
>
> policy-map WEBPOLICY
> class DIE
> drop
> class POLICE
> police cir 512000
> class class-default
>
>
> int f0/0
> desc facing lan
> service-policy output WEBPOLICY
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Thomas.W.Johnson@chase.com
> Sent: Friday, October 05, 2007 2:16 PM
> To: ccielab@groupstudy.com
> Subject: Match Protocol
>
> I'm ran across a question that wanted you to limit all return traffic
> from
> www.thiswebsite.com/thisdirectory destined for a specific VLAN to
> whatever,
> 512k, and drop any image files (jpg, bmp or gif) from this
> website.
> How do you match the image files? I assume it's with the match protocol
> http
> command, however, what parameters do you use? Do I need to use the
> match
> protocol http with the mime parameter or do I use match protocol
> http with
> url *.jpg | *.bmp | *.gif? I just don't understand how you
> match image files
> with the match protocol command.
>
>
>
> Thanks in advance.
>
>
>
> Thomas
> Johnson
>
> JP Morgan Chase
>
> Global Network Implementation
> -----------------------------------------
> This transmission may contain
> information that is privileged,
> confidential, legally privileged, and/or
> exempt from disclosure
> under applicable law. If you are not the intended
> recipient, you
> are hereby notified that any disclosure, copying, distribution,
> or
> use of the information contained herein (including any reliance
> thereon) is
> STRICTLY PROHIBITED. Although this transmission and
> any attachments are
> believed to be free of any virus or other
> defect that might affect any
> computer system into which it is
> received and opened, it is the responsibility
> of the recipient to
> ensure that it is virus free and no responsibility is
> accepted by
> JPMorgan Chase & Co., its subsidiaries and affiliates, as
> applicable, for any loss or damage arising in any way from its use.
> If you
> received this transmission in error, please immediately
> contact the sender and
> destroy the material in its entirety,
> whether in electronic or hard copy
> format. Thank you.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:12 ART