Re: AW: nbar / http classification question

From: Jason Madsen (madsen.jason@gmail.com)
Date: Sat Jan 24 2009 - 14:15:50 ARST

• Next message: Jason Madsen: "Re: AW: nbar / http classification question"
• Previous message: Han Solo: "Re: AW: nbar / http classification question"
• Maybe in reply to: Roger RPF: "AW: nbar / http classification question"
• Next in thread: Jason Madsen: "Re: AW: nbar / http classification question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I recommend you guys try just using URL for your URL match, rather than host
and either put the entire URL string in your match statement or else use
asterisks. For your image matching, I recommend you guys try matching JPEG
via. http mime, rather than URL.

Jason

On Sat, Jan 24, 2009 at 9:08 AM, Han Solo <emaillists@me.com> wrote:

> For some reason I get hit and miss results when matching on various "match
> protocol http host" types but this one works
>
> INTERNET(config-cmap)#do show policy-map int g0/0
> GigabitEthernet0/0
>
> Service-policy input: url
>
> Class-map: url (match-all)
> 102 packets, 67994 bytes
> 30 second offered rate 9000 bps, drop rate 9000 bps
> Match: protocol http
> drop
>
>
>
>
>
>
>
>
> On Jan 24, 2009, at 7:52 AM, Han Solo wrote:
>
> lass Map match-all url (id 6)
>> Match protocol http url "*.gif|*.jpg|*.jpeg"
>> Match protocol http url "*/ccie*"
>> Match protocol http host "http://www.cisco.com/"
>>
>> INTERNET#
>> INTERNET#sh policy-map int g0/0
>> GigabitEthernet0/0
>>
>> Service-policy input: url
>>
>> Class-map: url (match-all)
>> 0 packets, 0 bytes
>> 30 second offered rate 0 bps, drop rate 0 bps
>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>> Match: protocol http url "*/ccie*"
>> Match: protocol http host "http://www.cisco.com/"
>> drop
>>
>>
>>
>>
>>
>>
>> On Jan 24, 2009, at 7:49 AM, Han Solo wrote:
>>
>> I think it has to do with the "match-all" in the class map I am trying
>>> different things , bottom line with both of the examples posted so far there
>>> is no match. I have a 2851 as internet router at home to try and test them
>>> so I block my wife's stuff when I come home from work it really is good
>>> exercise to get these things down .. Curious why these one's aren't working
>>> ? If you want to jump on and test with me let me know i will start up a
>>> webex
>>>
>>>
>>> On Jan 24, 2009, at 7:35 AM, Roger RPF wrote:
>>>
>>> Well, I did not try but I guess you would have to use:
>>>>
>>>> match protocol http url "*/ccie"
>>>>
>>>> or
>>>>
>>>> match protocol http url "go/ccie"
>>>>
>>>> if that is the exact url
>>>>
>>>> regards
>>>>
>>>> Roger
>>>>
>>>>
>>>> -----Urspr|ngliche Nachricht-----
>>>> Von: Han Solo [mailto:emaillists@me.com]
>>>> Gesendet: Samstag, 24. Januar 2009 16:30
>>>> An: Wouter Prins
>>>> Cc: Roger RPF; Cisco certification
>>>> Betreff: Re: nbar / http classification question
>>>>
>>>> That doesn't work I tried it
>>>>
>>>> INTERNET#sh policy-map interface g0/0
>>>> GigabitEthernet0/0
>>>>
>>>> Service-policy input: url
>>>>
>>>> Class-map: url (match-all)
>>>> 0 packets, 0 bytes -------> NO MATCHES WHEN GOING TO
>>>> WWW.CISCO.COM/GO/CCIE
>>>> 30 second offered rate 0 bps, drop rate 0 bps
>>>> Match: protocol http host "www.cisco.com"
>>>> Match: protocol http url "/ccie"
>>>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>>>> drop
>>>>
>>>>
>>>> class-map match-all url
>>>> match protocol http host "www.cisco.com"
>>>> match protocol http url "/ccie"
>>>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>>>
>>>> policy-map url
>>>> class url
>>>> drop
>>>>
>>>>
>>>>
>>>>
>>>> On Jan 24, 2009, at 6:44 AM, Wouter Prins wrote:
>>>>
>>>> I think:
>>>>>
>>>>> class-map match-all URL
>>>>> match protocol http host www.cisco.com
>>>>> match protocol http url "/ccie"
>>>>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>>>>
>>>>> Would also work
>>>>> Wouter
>>>>>
>>>>> 2009/1/24 Roger RPF <rpf@bluemail.ch>
>>>>>
>>>>> Hi group,
>>>>>>
>>>>>> Question regarding nbar and the class-maps. If the task tells to
>>>>>> block all
>>>>>> .jpeg and .gif from www.cisco.com/ccie how do you create the class
>>>>>> map? Do
>>>>>> we need to include the hostname part? If I look at the following
>>>>>> link on
>>>>>> the
>>>>>> doccd, they say no:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nb
>>>>
>>>>>
>>>>>> ar_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1051880<
>>>> http://www
>>>> .cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nb
>>>> %0Aar_ps63
>>>> 50_TSD_Products_Configuration_Guide_Chapter.html#wp1051880
>>>>
>>>>>
>>>>>>>
>>>>>> But to me, this would mean that we would also block .jpeg and .gif
>>>>>> for the
>>>>>> site www.dontcheat.com/ccie or not?
>>>>>>
>>>>>> My solution:
>>>>>>
>>>>>> class-map match-all URL
>>>>>> match protocol http host www.cisco.com
>>>>>> match protocol http url "/ccie"
>>>>>> match class-map URLCHILD
>>>>>>
>>>>>> class-map match-any URLCHILD
>>>>>> match protocol http url "*.gif*"
>>>>>> match protocol http url "*.jpg*"
>>>>>> match protocol http url "*.jpeg*"
>>>>>>
>>>>>> What do you think?
>>>>>>
>>>>>> thanks
>>>>>>
>>>>>> Roger
>>>>>>
>>>>>>
>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>
>>>>>>
>>>>>> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> Han Solo
>>>> May the force be with you
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>> Han Solo
>>> May the force be with you
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>> Han Solo
>> May the force be with you
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
> Han Solo
> May the force be with you
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Jason Madsen: "Re: AW: nbar / http classification question"
• Previous message: Han Solo: "Re: AW: nbar / http classification question"
• Maybe in reply to: Roger RPF: "AW: nbar / http classification question"
• Next in thread: Jason Madsen: "Re: AW: nbar / http classification question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST