From: lalit gupta (lalit.tech@gmail.com)
Date: Mon Oct 08 2007 - 03:04:31 ART
Hi Subodh,
i do agree, but it will match DNS and with either Jpg , jpeg or gif... Means
in single line it will OR and and for both the lines it will AND.
Please correct me if I am wrong or reply if you are agree.
Rgrds
lalit
On 10/8/07, subodh.rawat@wipro.com <subodh.rawat@wipro.com> wrote:
>
> My understanding says that "match-all" or "match-any" applies per line.
>
> E.g
> class-map match-all IMAGES
> match protocol http url "*.jpg|*.jpeg|*.gif"
> match protocol dns
>
> This will match for AND operation of 1st line and second line.
>
> Please correct me if I am wrong.
>
> HTH
> Subodh
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> lalit gupta
> Sent: Monday, October 08, 2007 10:52 AM
> To: Joseph Brunner
> Cc: Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
> Subject: Re: Match Protocol
>
> HI Joseph,
>
>
>
> i do agree with your configuration but i differ on one statement
>
> class-map match-all IMAGES
> match protocol http url "*.jpg|*.jpeg|*.gif"
>
> Dont you think it should be match-any instead of match all here.. bcoz
> it means any of the image matched... if we say match all , it means all
> should be there to drop it.
>
> Correct me if i m wrong.,
>
>
> rgrds
> lalit
>
> On 10/6/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
> >
> > Thomas,
> >
> > The great Mr. Cappuccio has answered this before... here is my version
>
> > of his wonderful config. Forget CCO its not much help for this. Oh,
> > and yeah I tested it in my office... it works!
> >
> >
> > access-list 100 remark to VLAN_34
> > access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
> >
> > class-map match-all IMAGES
> > match protocol http url "*.jpg|*.jpeg|*.gif"
> >
> > class-map match-all POLICE
> > match access-group 100
> > match protocol http host "www.affirmedsystems.com"
> > match protocol http url "directory/*"
> >
> > class-map match-all DIE
> > match access-group 100
> > match protocol http host "www.affirmedsystems.com"
> > match protocol http url "directory/*"
> > match class-map IMAGES
> >
> > policy-map WEBPOLICY
> > class DIE
> > drop
> > class POLICE
> > police cir 512000
> > class class-default
> >
> >
> > int f0/0
> > desc facing lan
> > service-policy output WEBPOLICY
> >
> > -Joe
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Thomas.W.Johnson@chase.com
> > Sent: Friday, October 05, 2007 2:16 PM
> > To: ccielab@groupstudy.com
> > Subject: Match Protocol
> >
> > I'm ran across a question that wanted you to limit all return traffic
> > from www.thiswebsite.com/thisdirectory destined for a specific VLAN to
>
> > whatever, 512k, and drop any image files (jpg, bmp or gif) from this
> > website.
> > How do you match the image files? I assume it's with the match
> > protocol http command, however, what parameters do you use? Do I need
>
> > to use the match protocol http with the mime parameter or do I use
> > match protocol http with url *.jpg | *.bmp | *.gif? I just don't
> > understand how you match image files with the match protocol command.
> >
> >
> >
> > Thanks in advance.
> >
> >
> >
> > Thomas
> > Johnson
> >
> > JP Morgan Chase
> >
> > Global Network Implementation
> > -----------------------------------------
> > This transmission may contain
> > information that is privileged,
> > confidential, legally privileged, and/or exempt from disclosure under
> > applicable law. If you are not the intended recipient, you are hereby
>
> > notified that any disclosure, copying, distribution, or use of the
> > information contained herein (including any reliance
> > thereon) is
> > STRICTLY PROHIBITED. Although this transmission and any attachments
> > are believed to be free of any virus or other defect that might affect
>
> > any computer system into which it is received and opened, it is the
> > responsibility of the recipient to ensure that it is virus free and no
>
> > responsibility is accepted by JPMorgan Chase & Co., its subsidiaries
> > and affiliates, as applicable, for any loss or damage arising in any
> > way from its use.
> > If you
> > received this transmission in error, please immediately contact the
> > sender and destroy the material in its entirety, whether in electronic
>
> > or hard copy format. Thank you.
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> The information contained in this electronic message and any attachments
> to this message are intended for the exclusive use of the addressee(s) and
> may contain proprietary, confidential or privileged information. If you are
> not the intended recipient, you should not disseminate, distribute or copy
> this e-mail. Please notify the sender immediately and destroy all copies of
> this message and any attachments.
>
> WARNING: Computer viruses can be transmitted via email. The recipient
> should check this email and any attachments for the presence of viruses. The
> company accepts no liability for any damage caused by any virus transmitted
> by this email.
>
> www.wipro.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:12 ART