From: alexey (alexnetc@gmail.com)
Date: Sat Nov 03 2007 - 08:45:56 ART
Hi!
In the example from Shamin, are images discarded from ANY URL? Or only
pictures for the URL and ACL from class POLICE???
If I want to drop images for this specific URL (www.affirmedsystems.com) only,
should I do it like this(???):
class-map match-all IMAGES
 match protocol http url "*.jpg|*.jpeg|*.gif"
 match access-group 100
 match protocol http host "www.affirmedsystems.com"
 match protocol http url "directory/*"
Please correct me if I am wrong!!!
2007/10/8, Shamin <ccie.xpert@gmail.com>:
>
> Hi,
>
> I did a solution as below. Can anyone comment on this and tell me if I am
> wrong.
>
> access-list 100 remark to VLAN_34
> access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
>
> class-map match-all IMAGES
>  match protocol http url "*.jpg|*.jpeg|*.gif"
>
> policy-map DROP_IMAGE
>  class IMAGES
>   drop
>
> class-map match-all POLICE
>  match access-group 100
>  match protocol http host "www.affirmedsystems.com"
>  match protocol http url "directory/*"
>
> policy-map WEBPOLICY
>  class POLICE
>   police cir 512000
>   service-policy DROP_IMAGE
>  class class-default
>
> int f0/0
>  desc facing lan
>  service-policy output WEBPOLICY
>
> Awaiting feedback.
>
> Regards
> Shameen
>
>
>
>
> On 10/8/07, subodh.rawat@wipro.com <subodh.rawat@wipro.com> wrote:
> >
> > You are right. You got the Binary operation correct. "match-all" option
> > is optional.
> >
> > But as you asked .............."Don't you think it should be match-any
> > instead of match all here.. because
> > it means any of the image matched... if we say match all, it means all
> > should be there to drop it."..............my understanding is that for
> > a single-line statement it can be either "match-all" or "match-any".
> >
> > HTH
> > Subodh
> >
> >
> > ________________________________
> >
> > From: lalit gupta [mailto:lalit.tech@gmail.com]
> > Sent: Monday, October 08, 2007 11:35 AM
> > To: Subodh Singh Rawat (WT01 - TELECOM SERVICE PROVIDER)
> > Cc: joe@affirmedsystems.com; Thomas.W.Johnson@chase.com;
> > ccielab@groupstudy.com
> > Subject: Re: Match Protocol
> >
> >
> >
> > Hi Subodh,
> > I do agree, but it will match DNS and with either jpg, jpeg or gif...
> > Means in a single line it will OR and for both the lines it will AND.
> >
> > Please correct me if I am wrong or reply if you agree.
> >
> > Rgrds
> > lalit
> >
> >
> > On 10/8/07, subodh.rawat@wipro.com <subodh.rawat@wipro.com > wrote:
> >
> > My understanding says that "match-all" or "match-any" applies per line.
> >
> > E.g.
> > class-map match-all IMAGES
> >  match protocol http url "*.jpg|*.jpeg|*.gif"
> >  match protocol dns
> >
> > This will match for AND operation of 1st line and second line.
> >
> > Please correct me if I am wrong.
> >
> > HTH
> > Subodh
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of lalit gupta
> > Sent: Monday, October 08, 2007 10:52 AM
> > To: Joseph Brunner
> > Cc: Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
> > Subject: Re: Match Protocol
> >
> > Hi Joseph,
> >
> > I do agree with your configuration but I differ on one statement
> >
> > class-map match-all IMAGES
> >  match protocol http url "*.jpg|*.jpeg|*.gif"
> >
> > Don't you think it should be match-any instead of match all here.. because
> > it means any of the image matched... if we say match all, it means all
> > should be there to drop it.
> >
> > Correct me if I'm wrong.
> >
> >
> > rgrds
> > lalit
> >
> > On 10/6/07, Joseph Brunner <joe@affirmedsystems.com> wrote:
> > >
> > > Thomas,
> > >
> > > The great Mr. Cappuccio has answered this before... here is my version
> > > of his wonderful config. Forget CCO, it's not much help for this. Oh,
> > > and yeah I tested it in my office... it works!
> > >
> > >
> > > access-list 100 remark to VLAN_34
> > > access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
> > >
> > > class-map match-all IMAGES
> > >  match protocol http url "*.jpg|*.jpeg|*.gif"
> > >
> > > class-map match-all POLICE
> > >  match access-group 100
> > >  match protocol http host "www.affirmedsystems.com"
> > >  match protocol http url "directory/*"
> > >
> > > class-map match-all DIE
> > >  match access-group 100
> > >  match protocol http host "www.affirmedsystems.com"
> > >  match protocol http url "directory/*"
> > >  match class-map IMAGES
> > >
> > > policy-map WEBPOLICY
> > >  class DIE
> > >   drop
> > >  class POLICE
> > >   police cir 512000
> > >  class class-default
> > >
> > > int f0/0
> > >  desc facing lan
> > >  service-policy output WEBPOLICY
> > >
> > > -Joe
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Thomas.W.Johnson@chase.com
> > > Sent: Friday, October 05, 2007 2:16 PM
> > > To: ccielab@groupstudy.com
> > > Subject: Match Protocol
> > >
> > > I ran across a question that wanted you to limit all return traffic
> > > from www.thiswebsite.com/thisdirectory destined for a specific VLAN to
> > > whatever, 512k, and drop any image files (jpg, bmp or gif) from this
> > > website.
> > > How do you match the image files? I assume it's with the match
> > > protocol http command, however, what parameters do you use? Do I need
> > > to use the match protocol http with the mime parameter or do I use
> > > match protocol http with url *.jpg | *.bmp | *.gif? I just don't
> > > understand how you match image files with the match protocol command.
> > >
> > >
> > >
> > > Thanks in advance.
> > >
> > >
> > >
> > > Thomas Johnson
> > >
> > > JP Morgan Chase
> > >
> > > Global Network Implementation
> > >
> > >
> > ______________________________________________________________________
> > > _ Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:27 ART
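
Added example (not part of any poster's message, and not Cisco code): a small Python model of how the class-maps and the WEBPOLICY policy-map from Joseph Brunner's post combine, covering the two points debated in the thread (OR inside one `|` pattern, AND across the lines of a match-all class) plus first-match ordering in the policy-map. Assumptions: `*` is modelled with `fnmatch`, the URL is the path after the host, and the sample packets are constructed; this is not an NBAR implementation.

```python
from fnmatch import fnmatchcase
from ipaddress import IPv4Address

HOST = "www.affirmedsystems.com"

def acl_100(pkt):
    # access-list 100 permit tcp any eq www 10.1.34.0 0.0.0.25
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    base, wild = int(IPv4Address("10.1.34.0")), int(IPv4Address("0.0.0.25"))
    dst = int(IPv4Address(pkt["dst"]))
    return pkt["sport"] == 80 and (dst ^ base) & ~wild & 0xFFFFFFFF == 0

def url_match(pattern, url):
    # Assumed model: '*' is a wildcard, '|' separates alternatives in ONE statement.
    return any(fnmatchcase(url.lstrip("/"), alt) for alt in pattern.split("|"))

CLASS_MAPS = {
    "IMAGES": ("match-all", [("url", "*.jpg|*.jpeg|*.gif")]),
    "POLICE": ("match-all", [("acl", 100), ("host", HOST), ("url", "directory/*")]),
    "DIE": ("match-all", [("acl", 100), ("host", HOST), ("url", "directory/*"),
                          ("class", "IMAGES")]),
}
POLICY = [("DIE", "drop"), ("POLICE", "police cir 512000")]  # order as posted

def stmt_matches(kind, arg, pkt):
    if kind == "acl":
        return acl_100(pkt)
    if kind == "host":
        return pkt["host"] == arg
    if kind == "url":
        return url_match(arg, pkt["url"])
    return class_matches(arg, pkt)  # nested "match class-map"

def class_matches(name, pkt, mode=None):
    default_mode, stmts = CLASS_MAPS[name]
    combine = all if (mode or default_mode) == "match-all" else any
    return combine(stmt_matches(k, a, pkt) for k, a in stmts)

def classify(pkt, policy=POLICY):
    # A policy-map uses the first class that matches, top to bottom.
    for name, action in policy:
        if class_matches(name, pkt):
            return name, action
    return "class-default", "no action"

def pkt(url, dst="10.1.34.9", host=HOST):
    # Constructed sample: return traffic from the web server (source port 80).
    return {"sport": 80, "dst": dst, "host": host, "url": url}
```

With the wildcard exactly as posted (0.0.0.25), ACL 100 covers only destinations whose last octet is 0, 1, 8, 9, 16, 17, 24 or 25; a wildcard of 0.0.0.255 would cover all of 10.1.34.0/24.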