RE: Class-map match protocol http

From: Chris Gray (chris.gray@ozonenetworks.net)
Date: Sun May 25 2008 - 12:46:44 ART

My take on this..

If we match on the outbound direction We can only match on the http get i.e.
we are matching on the packets leaving our browser.
We can match on..

1) the host (match protocol http host www.cisco.com)
2) a path in a url (e.g. match protocol http url news* would match
http://domain.any/news and more specific paths beyond this url such as
http://domain.any/news/today/highlights/

But do we need to enable ip nbar protocol discovery ? I ran tests and found
that I did not, certainly not to register a count increase on the policy
applied in the outbound direction of my router .

What about the return packets coming from these get requests though...
I mean our browser does not send images to the web server, they usually come
back in the reply from our get.

Now I need to understand the relevance of matching an image. Either matching
by mime type , or by url and specifying the file extension - either will do
the job as I understand it.

So how can we rate limit these replies? I am not so sure we can police in a
service policy in the inbound direction.So do we only classify inbound and
police in a separate egress policy? Do we need ip nbar protocol discovery
enabled on the inbound interface?

So many questions are hitting me now! Guess I need to keep reading.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Mike
Harrison
Sent: 25 May 2008 10:17
To: Scott Morris
Cc: ccielab@groupstudy.com
Subject: Re: Class-map match protocol http

So, should we match URL in the outbound direction (traffic from the client
to the server), and match MIME in the return direction (Server to client)?

Or is this wrong ??

TIA
Mike
----- Original Message -----
From: "Scott Morris" <smorris@ipexpert.com>
To: "'Mike M'" <mike_malan@yahoo.co.uk>; "'Joseph Brunner'"
<joe@affirmedsystems.com>
Cc: <ccielab@groupstudy.com>
Sent: Sunday, May 25, 2008 3:55 AM
Subject: RE: Class-map match protocol http

> File names are URL. MIME types are simply image/jpeg which covers ALL
> file
> extensions involved. (different way of identifying)
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE-M
> #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> VP - Technical Training - IPexpert, Inc.
> IPexpert Sr. Technical Instructor
>
> smorris@ipexpert.com
>
>
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> http://www.ipexpert.com
>
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Mike
> M
> Sent: Saturday, May 24, 2008 5:44 PM
> To: Joseph Brunner
> Cc: ccielab@groupstudy.com
> Subject: RE: Class-map match protocol http
>
> Hi, Joe and others
>
> A little bit confused with the following. You may be able to help.
>
> If I need to match gif, jpeg and jpg files wouldnt you match mime not url?

> I
> thought these image files are mime files?
>
> eg,
> Match: protocol http mime *.jpeg|*.jpg|*.gif
>
> NOT
>
> Match: protocol http url *.jpeg|*.jpg|*.gif
>
> Thanks
> Mike M
>
> -- Joseph Brunner <joe@affirmedsystems.com> wrote:
>
>> I'm not the joe, but try this link...
>>
>> http://www.wr-mem.com/?p=95
>>
>> this horse had really be beaten down a few times...
>> try, victor capucchio's
>> block as well...
>>
>>
>
http://vcappuccio.wordpress.com/2007/10/21/how-to-use-the-drop-statment-in-m
>> qc/
>>
>> -Joe
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com
>> [mailto:nobody@groupstudy.com] On Behalf Of kriz@ozonenetworks.net
>> Sent: Saturday, May 24, 2008 4:26 PM
>> To: ccielab@groupstudy.com
>> Subject: Class-map match protocol http
>>
>> HI,
>>
>> Can someone please clarify something for me?
>>
>> I think I have seen this mentioned before but cannot find it in the
>> archive
>> -
>> sorry if I am duplicating a question here.
>>
>> MQC question.
>>
>> When creating a class-map to match a url for arguments sake
>> http://www.simplyip.co.uk/home
>>
>> If I match like this:
>>
>> class-map match all WWW
>> match protocol http url
>> "http://www.simplyip.co.uk/home"
>>
>> is it the same as
>>
>> class-map match all WWW
>> match protocol http host www.simplyip.co.uk match protocol http /home
>>
>> secondly, if trying to match multiple mime types for example .gif .tif
>> and .jpeg
>>
>> is this
>>
>> class-map match any MIME
>> match protocol http mime "*.gif | *.tif | *.jpeg"
>>
>> the same as
>> class-map match any MIME
>> match protocol http mime *.gif
>> match protocol http mime *.tif
>> match protocol http mime *.jpeg
>>
>>
>> I really appreciate your help - Thanks
>>
>>
>>
> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>
>
>
>
> __________________________________________________________
> Sent from Yahoo! Mail.
> A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:18 ART