NBAR and nested policies

From: mab_bel@hotmail.com
Date: Wed Jul 23 2008 - 07:17:01 ART


Hi all

I have the following requirements:
Clients on VLAN 10 and 50 access a URL located on VLAN 20.
This URL is http://www.hostname.com/ROOT
* Traffic from this URL back to these users should not exceed 640 Kbps.
* Drop image files downloaded from this URL.
* Image names end with the suffix: .gif or .jpeg

Would the following solution be correct?
Thanks for any input.

ip access-list extended HTTP
 permit tcp any eq www 100.10.50.0 0.0.0.255
 permit tcp any eq www 100.10.10.0 0.0.0.255

class-map match-all HTTP
 match access-group name HTTP
 match protocol http host "www.hostname.com"
!
class-map match-any IMAGE
 match protocol http url "*.gif*"
 match protocol http url "*.jpeg*"
!
!
policy-map IMAGE
 class IMAGE
  drop
policy-map POLICE
 class HTTP
  police 640000
  service-policy IMAGE
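
An added example, not part of the original post: a small Python model of the class-maps and nested policy-maps as posted, showing which constructed flows reach the child policy IMAGE and which never do. It assumes NBAR has already tied each flow to the Host and URL of its request, uses fnmatch globbing and exact host comparison as stand-ins for NBAR pattern matching, and the packet dictionaries and function names are hypothetical.

```python
import fnmatch
import ipaddress

# Destination networks from the posted ACL "HTTP" (wildcard 0.0.0.255 == /24).
ACL_HTTP_DST = [ipaddress.ip_network("100.10.50.0/24"),
                ipaddress.ip_network("100.10.10.0/24")]
IMAGE_URLS = ["*.gif*", "*.jpeg*"]   # class-map match-any IMAGE


def acl_http(pkt):
    """permit tcp any eq www <client subnet>: server-to-client HTTP traffic."""
    dst = ipaddress.ip_address(pkt["dst"])
    return pkt["sport"] == 80 and any(dst in net for net in ACL_HTTP_DST)


def class_http(pkt):
    """match-all: every match statement must be true (logical AND)."""
    return acl_http(pkt) and pkt["host"] == "www.hostname.com"


def class_image(pkt):
    """match-any: one matching URL pattern is enough (logical OR)."""
    # Assumption: fnmatch globbing stands in for NBAR's URL pattern matching.
    return any(fnmatch.fnmatchcase(pkt["url"], pat) for pat in IMAGE_URLS)


def policy_police(pkt):
    """Parent policy POLICE; child policy IMAGE only sees class HTTP traffic."""
    if not class_http(pkt):
        return "class-default"           # never reaches the child policy
    if class_image(pkt):
        return "drop"                    # child policy IMAGE, class IMAGE
    return "police 640000"               # parent action only


# Constructed sample flows (not captured traffic).
FLOWS = [
    {"sport": 80, "dst": "100.10.10.7", "host": "www.hostname.com", "url": "/ROOT/index.html"},
    {"sport": 80, "dst": "100.10.50.9", "host": "www.hostname.com", "url": "/ROOT/logo.gif"},
    {"sport": 80, "dst": "100.10.50.9", "host": "www.hostname.com", "url": "/other/pic.jpeg"},
    {"sport": 80, "dst": "100.10.10.7", "host": "cdn.example.net", "url": "/ROOT/logo.gif"},
    {"sport": 80, "dst": "100.10.30.4", "host": "www.hostname.com", "url": "/ROOT/logo.gif"},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f"{f['dst']:<12} {f['host']:<17} {f['url']:<18} -> {policy_police(f)}")
```

In this model the third flow is dropped even though its path is outside /ROOT, because none of the posted match statements refers to the path.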


