From: Scott Morris (smorris@ipexpert.com)
Date: Mon Oct 08 2007 - 08:58:53 ART
Correct. Any time you have multiple options on a single line, that
automatically is an OR operation. The match-any vs. match-all is comparing
when you have multiple lines within the class-map as being OR or AND
operations.
Btw, I'd probably add *.jpe in there as it's another variant. But if your
lab scenario specifies the extensions, then go with just those. :)
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M
#153, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor
A Cisco Learning Partner - We Accept Learning Credits!
smorris@ipexpert.com
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
subodh.rawat@wipro.com
Sent: Monday, October 08, 2007 3:11 AM
To: lalit.tech@gmail.com
Cc: joe@affirmedsystems.com; Thomas.W.Johnson@chase.com;
ccielab@groupstudy.com
Subject: RE: Match Protocol
You are right. You got the Binary operation correct. "match-all" option is
optional.
But as you asked .............."Dont you think it should be match-any
instead of match all here.. bcoz it means any of the image matched... if we
say match all , it means all should be there to drop it."..............my
understanding is that for single line statement it can be either "match-all"
or "match-any".
HTH
Subodh
________________________________
From: lalit gupta [mailto:lalit.tech@gmail.com]
Sent: Monday, October 08, 2007 11:35 AM
To: Subodh Singh Rawat (WT01 - TELECOM SERVICE PROVIDER)
Cc: joe@affirmedsystems.com; Thomas.W.Johnson@chase.com;
ccielab@groupstudy.com
Subject: Re: Match Protocol
Hi Subodh,
i do agree, but it will match DNS and with either Jpg , jpeg or gif...
Means in single line it will OR and and for both the lines it will AND.
Please correct me if I am wrong or reply if you are agree.
Rgrds
lalit
On 10/8/07, subodh.rawat@wipro.com <subodh.rawat@wipro.com > wrote:
My understanding says that "match-all" or "match-any" applies per
line.
E.g
class-map match-all IMAGES
match protocol http url "*.jpg|*.jpeg|*.gif"
match protocol dns
This will match for AND operation of 1st line and second line.
Please correct me if I am wrong.
HTH
Subodh
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
lalit gupta
Sent: Monday, October 08, 2007 10:52 AM
To: Joseph Brunner
Cc: Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
Subject: Re: Match Protocol
HI Joseph,
i do agree with your configuration but i differ on one statement
class-map match-all IMAGES
match protocol http url "*.jpg|*.jpeg|*.gif"
Dont you think it should be match-any instead of match all here..
bcoz
it means any of the image matched... if we say match all , it means
all
should be there to drop it.
Correct me if i m wrong.,
rgrds
lalit
On 10/6/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
>
> Thomas,
>
> The great Mr. Cappuccio has answered this before... here is my
version
> of his wonderful config. Forget CCO its not much help for this.
Oh,
> and yeah I tested it in my office... it works!
>
>
> access-list 100 remark to VLAN_34
> access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
>
> class-map match-all IMAGES
> match protocol http url "*.jpg|*.jpeg|*.gif"
>
> class-map match-all POLICE
> match access-group 100
> match protocol http host "www.affirmedsystems.com"
> match protocol http url "directory/*"
>
> class-map match-all DIE
> match access-group 100
> match protocol http host "www.affirmedsystems.com"
> match protocol http url "directory/*"
> match class-map IMAGES
>
> policy-map WEBPOLICY
> class DIE
> drop
> class POLICE
> police cir 512000
> class class-default
>
>
> int f0/0
> desc facing lan
> service-policy output WEBPOLICY
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
Behalf
> Of Thomas.W.Johnson@chase.com
> Sent: Friday, October 05, 2007 2:16 PM
> To: ccielab@groupstudy.com
> Subject: Match Protocol
>
> I'm ran across a question that wanted you to limit all return
traffic
> from www.thiswebsite.com/thisdirectory destined for a specific
VLAN to
> whatever, 512k, and drop any image files (jpg, bmp or gif) from
this
> website.
> How do you match the image files? I assume it's with the match
> protocol http command, however, what parameters do you use?
Do I need
> to use the match protocol http with the mime parameter or do I use
> match protocol http with url *.jpg | *.bmp | *.gif? I just don't
> understand how you match image files with the match protocol
command.
>
>
>
> Thanks in advance.
>
>
>
> Thomas
> Johnson
>
> JP Morgan Chase
>
> Global Network Implementation
> -----------------------------------------
> This transmission may contain
> information that is privileged,
> confidential, legally privileged, and/or exempt from disclosure
under
> applicable law. If you are not the intended recipient, you are
hereby
> notified that any disclosure, copying, distribution, or use of the
> information contained herein (including any reliance
> thereon) is
> STRICTLY PROHIBITED. Although this transmission and any
attachments
> are believed to be free of any virus or other defect that might
affect
> any computer system into which it is received and opened, it is
the
> responsibility of the recipient to ensure that it is virus free
and no
> responsibility is accepted by JPMorgan Chase & Co., its
subsidiaries
> and affiliates, as applicable, for any loss or damage arising in
any
> way from its use.
> If you
> received this transmission in error, please immediately contact
the
> sender and destroy the material in its entirety, whether in
electronic
> or hard copy format. Thank you.
>
>
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:12 ART