RE: Match Protocol

From: subodh.rawat@wipro.com
Date: Mon Oct 08 2007 - 02:51:30 ART

• Next message: devecchio turner: "I passed CCIE 19026 San Jose 10/05/2007"
• Previous message: shiran guez: "Re: BGP confederation Peer command"
• Maybe in reply to: Thomas.W.Johnson@chase.com: "Match Protocol"
• Next in thread: lalit gupta: "Re: Match Protocol"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

My understanding says that "match-all" or "match-any" applies per line.

E.g
class-map match-all IMAGES
 match protocol http url "*.jpg|*.jpeg|*.gif"
 match protocol dns

This will match for AND operation of 1st line and second line.

Please correct me if I am wrong.

HTH
Subodh
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
lalit gupta
Sent: Monday, October 08, 2007 10:52 AM
To: Joseph Brunner
Cc: Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
Subject: Re: Match Protocol

HI Joseph,

i do agree with your configuration but i differ on one statement

class-map match-all IMAGES
 match protocol http url "*.jpg|*.jpeg|*.gif"

Dont you think it should be match-any instead of match all here.. bcoz
it means any of the image matched... if we say match all , it means all
should be there to drop it.

Correct me if i m wrong.,

rgrds
lalit

On 10/6/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
>
> Thomas,
>
> The great Mr. Cappuccio has answered this before... here is my version

> of his wonderful config. Forget CCO its not much help for this. Oh,
> and yeah I tested it in my office... it works!
>
>
> access-list 100 remark to VLAN_34
> access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
>
> class-map match-all IMAGES
> match protocol http url "*.jpg|*.jpeg|*.gif"
>
> class-map match-all POLICE
> match access-group 100
> match protocol http host "www.affirmedsystems.com"
> match protocol http url "directory/*"
>
> class-map match-all DIE
> match access-group 100
> match protocol http host "www.affirmedsystems.com"
> match protocol http url "directory/*"
> match class-map IMAGES
>
> policy-map WEBPOLICY
> class DIE
> drop
> class POLICE
> police cir 512000
> class class-default
>
>
> int f0/0
> desc facing lan
> service-policy output WEBPOLICY
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Thomas.W.Johnson@chase.com
> Sent: Friday, October 05, 2007 2:16 PM
> To: ccielab@groupstudy.com
> Subject: Match Protocol
>
> I'm ran across a question that wanted you to limit all return traffic
> from www.thiswebsite.com/thisdirectory destined for a specific VLAN to

> whatever, 512k, and drop any image files (jpg, bmp or gif) from this
> website.
> How do you match the image files? I assume it's with the match
> protocol http command, however, what parameters do you use? Do I need

> to use the match protocol http with the mime parameter or do I use
> match protocol http with url *.jpg | *.bmp | *.gif? I just don't
> understand how you match image files with the match protocol command.
>
>
>
> Thanks in advance.
>
>
>
> Thomas
> Johnson
>
> JP Morgan Chase
>
> Global Network Implementation
> -----------------------------------------
> This transmission may contain
> information that is privileged,
> confidential, legally privileged, and/or exempt from disclosure under
> applicable law. If you are not the intended recipient, you are hereby

> notified that any disclosure, copying, distribution, or use of the
> information contained herein (including any reliance
> thereon) is
> STRICTLY PROHIBITED. Although this transmission and any attachments
> are believed to be free of any virus or other defect that might affect

> any computer system into which it is received and opened, it is the
> responsibility of the recipient to ensure that it is virus free and no

> responsibility is accepted by JPMorgan Chase & Co., its subsidiaries
> and affiliates, as applicable, for any loss or damage arising in any
> way from its use.
> If you
> received this transmission in error, please immediately contact the
> sender and destroy the material in its entirety, whether in electronic

> or hard copy format. Thank you.
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: devecchio turner: "I passed CCIE 19026 San Jose 10/05/2007"
• Previous message: shiran guez: "Re: BGP confederation Peer command"
• Maybe in reply to: Thomas.W.Johnson@chase.com: "Match Protocol"
• Next in thread: lalit gupta: "Re: Match Protocol"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:12 ART