nbar / http classification question

From: Roger RPF (rpf@bluemail.ch)
Date: Sat Jan 24 2009 - 11:34:47 ARST

Next message: Wouter Prins: "Re: Hack Simplifies Cisco Router Attack -"
Previous message: Edouard Zorrilla: "scheduller allocate command"
Next in thread: Cyrus: "Re: nbar / http classification question"
Maybe reply: Cyrus: "Re: nbar / http classification question"
Maybe reply: Wouter Prins: "Re: nbar / http classification question"
Maybe reply: Han Solo: "Re: nbar / http classification question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi group,

Question regarding nbar and the class-maps. If the task tells to block all
.jpeg and .gif from www.cisco.com/ccie how do you create the class map? Do
we need to include the hostname part? If I look at the following link on the
doccd, they say no:

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nb
ar_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1051880

But to me, this would mean that we would also block .jpeg and .gif for the
site www.dontcheat.com/ccie or not?

My solution:

class-map match-all URL
  match protocol http host www.cisco.com
  match protocol http url "/ccie"
  match class-map URLCHILD

class-map match-any URLCHILD
  match protocol http url "*.gif*"
  match protocol http url "*.jpg*"
  match protocol http url "*.jpeg*"

What do you think?

thanks

Roger

Blogs and organic groups at http://www.ccie.net

Next message: Wouter Prins: "Re: Hack Simplifies Cisco Router Attack -"
Previous message: Edouard Zorrilla: "scheduller allocate command"
Next in thread: Cyrus: "Re: nbar / http classification question"
Maybe reply: Cyrus: "Re: nbar / http classification question"
Maybe reply: Wouter Prins: "Re: nbar / http classification question"
Maybe reply: Han Solo: "Re: nbar / http classification question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST