From: Joseph Brunner (joe@affirmedsystems.com)
Date: Fri Oct 05 2007 - 20:27:26 ART
Oops in this case your right.
In the original example where I got my sample config it was jpg|gif|jpeg
ONLY
So I guess you can use mime if your matching ALL image types. but if its
just the three, then you should use the .ext regexp.
-Joe
_____
From: Rich Collins [mailto:nilsi2002@gmail.com]
Sent: Friday, October 05, 2007 6:40 PM
To: Joseph Brunner
Cc: Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
Subject: Re: Match Protocol
Joe,
I am prone to losing points that way but I thought the original question was
image files?
Rich
On 10/5/07, Joseph Brunner < joe@affirmedsystems.com
<mailto:joe@affirmedsystems.com> > wrote:
Rich,
Did the question say bitmap (bmp)?
-3 points
_____
From: Rich Collins [mailto: nilsi2002@gmail.com]
Sent: Friday, October 05, 2007 4:55 PM
To: Joseph Brunner
Cc: Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
Subject: Re: Match Protocol
Joe,
That's nice you put up this example.
I guess for the class-map DIE you could also substitute "match class-map
IMAGES"
with - match protocol http mime "image/*"
Rich
On 10/5/07, Joseph Brunner < joe@affirmedsystems.com
<mailto:joe@affirmedsystems.com> > wrote:
Thomas,
The great Mr. Cappuccio has answered this before... here is my version of
his wonderful config. Forget CCO its not much help for this. Oh, and yeah I
tested it in my office... it works!
access-list 100 remark to VLAN_34
access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
class-map match-all IMAGES
match protocol http url "*.jpg|*.jpeg|*.gif"
class-map match-all POLICE
match access-group 100
match protocol http host "www.affirmedsystems.com"
match protocol http url "directory/*"
class-map match-all DIE
match access-group 100
match protocol http host "www.affirmedsystems.com"
match protocol http url "directory/*"
match class-map IMAGES
policy-map WEBPOLICY
class DIE
drop
class POLICE
police cir 512000
class class-default
int f0/0
desc facing lan
service-policy output WEBPOLICY
-Joe
-----Original Message-----
From: nobody@groupstudy.com [mailto: <mailto:nobody@groupstudy.com>
nobody@groupstudy.com] On Behalf Of
Thomas.W.Johnson@chase.com
Sent: Friday, October 05, 2007 2:16 PM
To: ccielab@groupstudy.com
Subject: Match Protocol
I'm ran across a question that wanted you to limit all return traffic
from
www.thiswebsite.com/thisdirectory destined for a specific VLAN to
whatever,
512k, and drop any image files (jpg, bmp or gif) from this
website.
How do you match the image files? I assume it's with the match protocol
http
command, however, what parameters do you use? Do I need to use the
match
protocol http with the mime parameter or do I use match protocol
http with
url *.jpg | *.bmp | *.gif? I just don't understand how you
match image files
with the match protocol command.
Thanks in advance.
Thomas
Johnson
JP Morgan Chase
Global Network Implementation
-----------------------------------------
This transmission may contain
information that is privileged,
confidential, legally privileged, and/or
exempt from disclosure
under applicable law. If you are not the intended
recipient, you
are hereby notified that any disclosure, copying, distribution,
or
use of the information contained herein (including any reliance
thereon) is
STRICTLY PROHIBITED. Although this transmission and
any attachments are
believed to be free of any virus or other
defect that might affect any
computer system into which it is
received and opened, it is the responsibility
of the recipient to
ensure that it is virus free and no responsibility is
accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as
applicable, for any loss or damage arising in any way from its use.
If you
received this transmission in error, please immediately
contact the sender and
destroy the material in its entirety,
whether in electronic or hard copy
format. Thank you.
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:12 ART