From: Huan Pham (Huan.Pham@peopletelecom.com.au)
Date: Fri Sep 05 2008 - 02:54:55 ART
Hi GS,
I am confused by a solution to one of the QoS tasks in IEWB (IE WB1, Section
Security - Task Using NBAR to Filter Traffic). The task is to drop HTTP
IMAGE requests from Client to Server.
HTTP Client ------- R4 ------- Server HTTP
                      S0/1
The solution creates a policy that matches images using "match protocol http url",
but the policy is applied INBOUND on the WAN interface (S0/1)! I believe that
this policy should be applied OUTBOUND to stop HTTP Requests.
However, that is not my main concern. I used to believe that
"match protocol http url" can only be used to match HTTP REQUESTS, and
not to match HTTP RESPONSES (IMAGE data) from the server. To match IMAGE
data themselves, I thought that "match protocol http mime" should be used. But it
seems I may be WRONG!
"match protocol http url" seems to be able to match HTTP RESPONSES from
Servers as well.
I tried sniffing (using Wireshark) a real HTTP session. I could see
the reference to the URL in the GET request, but I do not see any reference
to that URL in the data response from the server!
Could anyone please comment on the usage of the command "match protocol
http url"? Thanks,
Below is config and verification to show that both HTTP requests for
Images and Image return data can be matched by using "match protocol
http url".
Configuration:
R4#
class-map match-any IMAGES
 match protocol http url "*.gif"
 match protocol http url "*.jpeg|*.jpg"
!
!
! HTTP_REQUEST policy is my additional config for matching illustration
policy-map HTTP_REQUEST
 class IMAGES
 ! no action under the class: it only counts the packets that match
!
policy-map DROP_IMAGES
 class IMAGES
  drop
!
interface Serial0/1
 service-policy input DROP_IMAGES
 service-policy output HTTP_REQUEST
Verification:
-------------
Try to generate an HTTP GET request from inside (R1) to outside 150.1.5.5
(HTTP Server):
R1#copy http://150.1.5.5/test.jpg null:
%Error opening http://150.1.5.5/test.jpg (I/O error)
R4#sh policy-map interface s0/1
 Serial0/1

  Service-policy input: DROP_IMAGES

    Class-map: IMAGES (match-any)
      8 packets, 1657 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http url "*.gif"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.jpeg|*.jpg"
        8 packets, 1657 bytes
        5 minute rate 0 bps
      drop

    Class-map: class-default (match-any)
      18 packets, 1530 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

  Service-policy output: HTTP_REQUEST

    Class-map: IMAGES (match-any)
      5 packets, 708 bytes
      5 minute offered rate 0 bps
      Match: protocol http url "*.gif"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.jpeg|*.jpg"
        5 packets, 708 bytes
        5 minute rate 0 bps

    Class-map: class-default (match-any)
      27 packets, 1936 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
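The counters above are consistent with a classifier that remembers the flow once it has seen a matching request and then tags every later packet of that flow in both directions, which is why the inbound (server-to-client) policy counts image data that never carries the URL. The following is an added illustration of that flow-stateful model, written for this post and not Cisco's NBAR code; the packet capture is constructed, the client address 10.0.0.1 is assumed, and the URL-pattern translation (only "*", "?" and "|" are handled) is a simplification.

```python
import re

# Constructed HTTP exchange: (src ip:port, dst ip:port, payload). Two TCP flows to the
# server in the post (150.1.5.5:80): one fetches test.jpg, one fetches index.html.
PACKETS = [
    ("10.0.0.1:4001", "150.1.5.5:80", b"GET /test.jpg HTTP/1.1\r\nHost: 150.1.5.5\r\n\r\n"),
    ("150.1.5.5:80", "10.0.0.1:4001",
     b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n\xff\xd8" + b"\x00" * 100),
    ("150.1.5.5:80", "10.0.0.1:4001", b"\x00" * 200),          # continuation of the image body
    ("10.0.0.1:4002", "150.1.5.5:80", b"GET /index.html HTTP/1.1\r\nHost: 150.1.5.5\r\n\r\n"),
    ("150.1.5.5:80", "10.0.0.1:4002", b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"),
]

def nbar_url_to_regex(pattern):
    """Translate an NBAR-style URL pattern ('*' wildcard, '?' single char, '|' alternation)."""
    alts = [re.escape(a).replace(r"\*", ".*").replace(r"\?", ".") for a in pattern.split("|")]
    return re.compile("^(?:" + "|".join(alts) + ")$")

class UrlClassifier:
    """Flow-stateful URL match: the request decides, every later packet of the flow inherits."""
    def __init__(self, patterns):
        self.regexes = [nbar_url_to_regex(p) for p in patterns]
        self.flows = {}                      # flow key -> True/False once a request was seen

    @staticmethod
    def flow_key(src, dst):
        return tuple(sorted((src, dst)))     # same key for both directions of the flow

    def classify(self, src, dst, payload):
        key = self.flow_key(src, dst)
        if key not in self.flows:
            m = re.match(rb"^(?:GET|POST|HEAD) (\S+) HTTP/", payload)
            if m:                             # only a request carries the URL
                url = m.group(1).decode("ascii", "replace")
                self.flows[key] = any(r.match(url) for r in self.regexes)
        return self.flows.get(key, False)    # responses match only via flow state

def count_matches(packets, patterns):
    """Per-direction count of packets the class would match, like the two policy counters."""
    clf = UrlClassifier(patterns)
    counts = {"client_to_server": 0, "server_to_client": 0}
    for src, dst, payload in packets:
        if clf.classify(src, dst, payload):
            direction = "client_to_server" if dst.endswith(":80") else "server_to_client"
            counts[direction] += 1
    return counts

if __name__ == "__main__":
    print(count_matches(PACKETS, ['*.gif', '*.jpeg|*.jpg']))
```

With the post's two patterns this yields one matched request (the outbound HTTP_REQUEST counter) and two matched response packets (the inbound DROP_IMAGES counter), while the index.html flow matches nothing in either direction.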
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:17 ART