Re: Match Protocol

From: Shamin (ccie.xpert@gmail.com)
Date: Mon Oct 08 2007 - 06:12:18 ART


Thanks Joseph

Regards
shamin

On 10/8/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
>
> Your policy should work also. You nested a "drop all images" inside an
> all http traffic coming from the "directory". Nice.
>
>
>
> I'll tell you for certain tomorrow when I'm behind a router with my web
> browser and I apply it.
>
>
>
> -Joe
>
>
> ------------------------------
>
> *From:* Shamin [mailto:ccie.xpert@gmail.com]
> *Sent:* Monday, October 08, 2007 4:51 AM
> *To:* subodh.rawat@wipro.com
> *Cc:* lalit.tech@gmail.com; joe@affirmedsystems.com;
> Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
> *Subject:* Re: Match Protocol
>
>
>
> Hi,
>
> I did a solution as below. Can anyone comment on this and tell me if I am
> wrong.
>
> access-list 100 remark to VLAN_34
> access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
>
> class-map match-all IMAGES
>  match protocol http url "*.jpg|*.jpeg|*.gif"
>
> policy-map DROP_IMAGE
>  class IMAGES
>   drop
>
> class-map match-all POLICE
>  match access-group 100
>  match protocol http host "www.affirmedsystems.com"
>  match protocol http url "directory/*"
>
> policy-map WEBPOLICY
>  class POLICE
>   police cir 512000
>   service-policy DROP_IMAGE
>  class class-default
>
> int f0/0
>  desc facing lan
>  service-policy output WEBPOLICY
>
> Awaiting feedback.
>
> Regards
> Shameen
>
>
>
>
>
>
>
> On 10/8/07, *subodh.rawat@wipro.com* <subodh.rawat@wipro.com> wrote:
>
> You are right. You got the Binary operation correct. "match-all" option
> is optional.
>
> But as you asked ... "Don't you think it should be match-any instead of
> match-all here, because it means any of the images matched... if we say
> match-all, it means all should be there to drop it." ... my understanding
> is that for a single-line statement it can be either "match-all" or
> "match-any".
>
> HTH
> Subodh
>
>
> ________________________________
>
> From: lalit gupta [mailto:lalit.tech@gmail.com]
> Sent: Monday, October 08, 2007 11:35 AM
> To: Subodh Singh Rawat (WT01 - TELECOM SERVICE PROVIDER)
> Cc: joe@affirmedsystems.com; Thomas.W.Johnson@chase.com;
> ccielab@groupstudy.com
> Subject: Re: Match Protocol
>
>
>
> Hi Subodh,
> I do agree, but it will match DNS and with either jpg, jpeg or gif...
> Means in a single line it will OR and for both the lines it will AND.
>
> Please correct me if I am wrong or reply if you agree.
>
> Rgrds
> lalit
>
>
> On 10/8/07, subodh.rawat@wipro.com <subodh.rawat@wipro.com > wrote:
>
> My understanding says that "match-all" or "match-any" applies per line.
>
> E.g.
> class-map match-all IMAGES
>  match protocol http url "*.jpg|*.jpeg|*.gif"
>  match protocol dns
>
> This will match for AND operation of 1st line and second line.
>
> Please correct me if I am wrong.
>
> HTH
> Subodh
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> lalit gupta
> Sent: Monday, October 08, 2007 10:52 AM
> To: Joseph Brunner
> Cc: Thomas.W.Johnson@chase.com ; ccielab@groupstudy.com
> Subject: Re: Match Protocol
>
> HI Joseph,
>
>
>
> I do agree with your configuration but I differ on one statement
>
> class-map match-all IMAGES
>  match protocol http url "*.jpg|*.jpeg|*.gif"
>
> Don't you think it should be match-any instead of match-all here,
> because it means any of the images matched... if we say match-all, it
> means all should be there to drop it.
>
> Correct me if I am wrong.
>
>
> rgrds
> lalit
>
> On 10/6/07, Joseph Brunner <joe@affirmedsystems.com > wrote:
> >
> > Thomas,
> >
> > The great Mr. Cappuccio has answered this before... here is my version
> > of his wonderful config. Forget CCO, it's not much help for this. Oh,
> > and yeah I tested it in my office... it works!
> >
> >
> > access-list 100 remark to VLAN_34
> > access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
> >
> > class-map match-all IMAGES
> >  match protocol http url "*.jpg|*.jpeg|*.gif"
> >
> > class-map match-all POLICE
> >  match access-group 100
> >  match protocol http host "www.affirmedsystems.com"
> >  match protocol http url "directory/*"
> >
> > class-map match-all DIE
> >  match access-group 100
> >  match protocol http host "www.affirmedsystems.com"
> >  match protocol http url "directory/*"
> >  match class-map IMAGES
> >
> > policy-map WEBPOLICY
> >  class DIE
> >   drop
> >  class POLICE
> >   police cir 512000
> >  class class-default
> >
> > int f0/0
> >  desc facing lan
> >  service-policy output WEBPOLICY
> >
> > -Joe
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Thomas.W.Johnson@chase.com
> > Sent: Friday, October 05, 2007 2:16 PM
> > To: ccielab@groupstudy.com
> > Subject: Match Protocol
> >
> > I ran across a question that wanted you to limit all return traffic
> > from www.thiswebsite.com/thisdirectory destined for a specific VLAN to
> > whatever, 512k, and drop any image files (jpg, bmp or gif) from this
> > website.
> > How do you match the image files? I assume it's with the match
> > protocol http command, however, what parameters do you use? Do I need
> > to use the match protocol http with the mime parameter or do I use
> > match protocol http with url *.jpg | *.bmp | *.gif? I just don't
> > understand how you match image files with the match protocol command.
> >
> >
> >
> > Thanks in advance.
> >
> >
> >
> > Thomas
> > Johnson
> >
> > JP Morgan Chase
> >
> > Global Network Implementation
> >
> >
> ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:12 ART
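
The class-map logic debated in this thread, as an added Python model (not part of the original messages and not Cisco code): alternatives joined by "|" in one match statement are ORed, match-all/match-any combine whole match statements, and a policy-map takes the first class that matches. Assumptions: NBAR pattern matching is approximated with shell-style globbing, access-list 100 is reduced to a precomputed flag, "forward" stands for class-default with no action, and the sample flows are constructed.

```python
from fnmatch import fnmatchcase

def url_match(pattern, url):
    # "a|b|c" inside ONE match statement is an OR over the alternatives.
    return any(fnmatchcase(url, alt) for alt in pattern.split("|"))

def class_map(mode, *stmts):
    # match-all ANDs the match statements of a class-map, match-any ORs them.
    combine = all if mode == "match-all" else any
    return lambda pkt: combine(stmt(pkt) for stmt in stmts)

def classify(policy, pkt):
    # A policy-map is walked top down; the first matching class wins.
    for name, cmap, action in policy:
        if cmap(pkt):
            return name, action
    return "class-default", "forward"

# Match statements from the thread (acl100 is a precomputed flag, an assumption).
acl100 = lambda p: p["acl100"]
host = lambda p: p["host"] == "www.affirmedsystems.com"
in_dir = lambda p: url_match("directory/*", p["url"])
is_img = lambda p: url_match("*.jpg|*.jpeg|*.gif", p["url"])
is_dns = lambda p: p["proto"] == "dns"

IMAGES_ALL = class_map("match-all", is_img)
IMAGES_ANY = class_map("match-any", is_img)
IMG_AND_DNS = class_map("match-all", is_img, is_dns)  # the two-line example
POLICE = class_map("match-all", acl100, host, in_dir)
DIE = class_map("match-all", acl100, host, in_dir, IMAGES_ALL)  # nested class

WEBPOLICY = [("DIE", DIE, "drop"), ("POLICE", POLICE, "police cir 512000")]
REORDERED = list(reversed(WEBPOLICY))  # POLICE first: DIE is never reached

# Constructed sample flows, not captured traffic.
def flow(host, url, proto="http", acl100=True):
    return {"host": host, "url": url, "proto": proto, "acl100": acl100}

IMAGE = flow("www.affirmedsystems.com", "directory/logo.gif")
PAGE = flow("www.affirmedsystems.com", "directory/index.html")
OTHER = flow("www.example.com", "pics/photo.jpg")

if __name__ == "__main__":
    for label, pkt in (("image", IMAGE), ("page", PAGE), ("other", OTHER)):
        print(label, classify(WEBPOLICY, pkt), classify(REORDERED, pkt))
```

With a single match statement, IMAGES_ALL and IMAGES_ANY classify every flow identically; the REORDERED policy shows why the drop class has to sit above the police class.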