Re: AW: nbar / http classification question

From: Jason Madsen (madsen.jason@gmail.com)
Date: Sat Jan 24 2009 - 14:24:37 ARST


Actually, are there any images at http://www.cisco.com/go/ccie with a URL
ending in .jpeg or another jpeg extension? I don't see any. If that's the
case, then you'd probably want to go with matching mime since it will
actually be the jpeg image type that you want to block and not a URL with
"jpeg" at the end of it... hope that makes sense.

On Sat, Jan 24, 2009 at 9:21 AM, Jason Madsen <madsen.jason@gmail.com> wrote:

> Image querying should be blocked by the JPEG URL statements you made,
> whereas image downloading should be blocked by a mime statement.
>
> On Sat, Jan 24, 2009 at 9:19 AM, Jason Madsen <madsen.jason@gmail.com> wrote:
>
>> I guess URL matching for the JPEG part should be fine too though...either
>> way.
>>
>>
>> On Sat, Jan 24, 2009 at 9:15 AM, Jason Madsen <madsen.jason@gmail.com> wrote:
>>
>>> I recommend you guys try just using URL for your URL match, rather than
>>> host and either put the entire URL string in your match statement or else
>>> use asterisks. For your image matching, I recommend you guys try matching
>>> JPEG via http mime, rather than URL.
>>>
>>> Jason
>>>
>>>
>>> On Sat, Jan 24, 2009 at 9:08 AM, Han Solo <emaillists@me.com> wrote:
>>>
>>>> For some reason I get hit and miss results when matching on various
>>>> "match protocol http host" types but this one works
>>>>
>>>> INTERNET(config-cmap)#do show policy-map int g0/0
>>>> GigabitEthernet0/0
>>>>
>>>> Service-policy input: url
>>>>
>>>> Class-map: url (match-all)
>>>> 102 packets, 67994 bytes
>>>> 30 second offered rate 9000 bps, drop rate 9000 bps
>>>> Match: protocol http
>>>> drop
>>>>
>>>> On Jan 24, 2009, at 7:52 AM, Han Solo wrote:
>>>>
>>>>> Class Map match-all url (id 6)
>>>>> Match protocol http url "*.gif|*.jpg|*.jpeg"
>>>>> Match protocol http url "*/ccie*"
>>>>> Match protocol http host "http://www.cisco.com/"
>>>>>
>>>>> INTERNET#
>>>>> INTERNET#sh policy-map int g0/0
>>>>> GigabitEthernet0/0
>>>>>
>>>>> Service-policy input: url
>>>>>
>>>>> Class-map: url (match-all)
>>>>> 0 packets, 0 bytes
>>>>> 30 second offered rate 0 bps, drop rate 0 bps
>>>>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>>>>> Match: protocol http url "*/ccie*"
>>>>> Match: protocol http host "http://www.cisco.com/"
>>>>> drop
>>>>>
>>>>> On Jan 24, 2009, at 7:49 AM, Han Solo wrote:
>>>>>
>>>>>> I think it has to do with the "match-all" in the class map. I am trying
>>>>>> different things; bottom line, with both of the examples posted so far there
>>>>>> is no match. I have a 2851 as internet router at home to try and test them,
>>>>>> so I block my wife's stuff when I come home from work. It really is good
>>>>>> exercise to get these things down. Curious why these ones aren't working?
>>>>>> If you want to jump on and test with me, let me know; I will start up a
>>>>>> WebEx.
>>>>>>
>>>>>>
>>>>>> On Jan 24, 2009, at 7:35 AM, Roger RPF wrote:
>>>>>>
>>>>>>> Well, I did not try but I guess you would have to use:
>>>>>>>
>>>>>>> match protocol http url "*/ccie"
>>>>>>>
>>>>>>> or
>>>>>>>
>>>>>>> match protocol http url "go/ccie"
>>>>>>>
>>>>>>> if that is the exact url
>>>>>>>
>>>>>>> regards
>>>>>>>
>>>>>>> Roger
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Han Solo [mailto:emaillists@me.com]
>>>>>>> Sent: Saturday, 24 January 2009 16:30
>>>>>>> To: Wouter Prins
>>>>>>> Cc: Roger RPF; Cisco certification
>>>>>>> Subject: Re: nbar / http classification question
>>>>>>>
>>>>>>> That doesn't work, I tried it.
>>>>>>>
>>>>>>> INTERNET#sh policy-map interface g0/0
>>>>>>> GigabitEthernet0/0
>>>>>>>
>>>>>>> Service-policy input: url
>>>>>>>
>>>>>>> Class-map: url (match-all)
>>>>>>> 0 packets, 0 bytes -------> NO MATCHES WHEN GOING TO
>>>>>>> WWW.CISCO.COM/GO/CCIE
>>>>>>> 30 second offered rate 0 bps, drop rate 0 bps
>>>>>>> Match: protocol http host "www.cisco.com"
>>>>>>> Match: protocol http url "/ccie"
>>>>>>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>>>>>>> drop
>>>>>>>
>>>>>>>
>>>>>>> class-map match-all url
>>>>>>> match protocol http host "www.cisco.com"
>>>>>>> match protocol http url "/ccie"
>>>>>>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>>>>>>
>>>>>>> policy-map url
>>>>>>> class url
>>>>>>> drop
>>>>>>>
>>>>>>> On Jan 24, 2009, at 6:44 AM, Wouter Prins wrote:
>>>>>>>
>>>>>>>> I think:
>>>>>>>>
>>>>>>>> class-map match-all URL
>>>>>>>> match protocol http host www.cisco.com
>>>>>>>> match protocol http url "/ccie"
>>>>>>>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>>>>>>>
>>>>>>>> Would also work
>>>>>>>> Wouter
>>>>>>>>
>>>>>>>> 2009/1/24 Roger RPF <rpf@bluemail.ch>
>>>>>>>>
>>>>>>>>> Hi group,
>>>>>>>>>
>>>>>>>>> Question regarding nbar and the class-maps. If the task tells to block all
>>>>>>>>> .jpeg and .gif from www.cisco.com/ccie how do you create the class map? Do
>>>>>>>>> we need to include the hostname part? If I look at the following link on the
>>>>>>>>> doccd, they say no:
>>>>>>>>>
>>>>>>>>> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nbar_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1051880
>>>>>>>>>
>>>>>>>>> But to me, this would mean that we would also block .jpeg and .gif for the
>>>>>>>>> site www.dontcheat.com/ccie or not?
>>>>>>>>>
>>>>>>>>> My solution:
>>>>>>>>>
>>>>>>>>> class-map match-all URL
>>>>>>>>> match protocol http host www.cisco.com
>>>>>>>>> match protocol http url "/ccie"
>>>>>>>>> match class-map URLCHILD
>>>>>>>>>
>>>>>>>>> class-map match-any URLCHILD
>>>>>>>>> match protocol http url "*.gif*"
>>>>>>>>> match protocol http url "*.jpg*"
>>>>>>>>> match protocol http url "*.jpeg*"
>>>>>>>>>
>>>>>>>>> What do you think?
>>>>>>>>>
>>>>>>>>> thanks
>>>>>>>>>
>>>>>>>>> Roger
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________________________________
>>>>>>>>> Subscription information may be found at:
>>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>>
>>>>>>> Han Solo
>>>>>>> May the force be with you
>>>>>>>
>>>>>> Han Solo
>>>>>> May the force be with you
>>>>>>
>>>>> Han Solo
>>>>> May the force be with you
>>>>>
>>>> Han Solo
>>>> May the force be with you
>>>>


This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST
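
The class-map logic discussed in this thread, as an added example that is not part of any poster's message: a simplified Python model (not NBAR's actual matcher) of match-all / match-any evaluation run against constructed HTTP transactions. It assumes a pattern must cover the whole field unless it uses `*`, that `|` separates alternatives, and that each transaction is evaluated as one unit; the `wildcard`, `no_host` and `mime` variants and all traffic are constructed.

```python
from fnmatch import fnmatchcase

# Simplified model of class-map evaluation, not NBAR's real matcher.
# Assumptions: a pattern must cover the whole field unless it uses "*",
# "|" separates alternatives, "host" is compared with the Host header value.

def glob_any(pattern, value):
    return any(fnmatchcase(value, alt) for alt in pattern.split("|"))

def evaluate(name, class_maps, txn):
    mode, statements = class_maps[name]
    hits = [evaluate(arg, class_maps, txn) if kind == "class-map"
            else glob_any(arg, txn[kind])
            for kind, arg in statements]
    return all(hits) if mode == "match-all" else any(hits)

CHILD = ("match-any", [("url", "*.gif*"), ("url", "*.jpg*"), ("url", "*.jpeg*")])

CONFIGS = {  # every top-level class is named "url" here for uniformity
    # Statements as posted in the thread.
    "han": {"url": ("match-all", [("url", "*.gif|*.jpg|*.jpeg"),
                                  ("url", "*/ccie*"),
                                  ("host", "http://www.cisco.com/")])},
    "wouter": {"url": ("match-all", [("host", "www.cisco.com"),
                                     ("url", "/ccie"),
                                     ("url", "*.gif|*.jpg|*.jpeg")])},
    # Constructed variants: bare hostname + wildcarded path + nested child.
    "wildcard": {"url": ("match-all", [("host", "www.cisco.com"),
                                       ("url", "*/ccie*"),
                                       ("class-map", "URLCHILD")]),
                 "URLCHILD": CHILD},
    "no_host": {"url": ("match-all", [("url", "*/ccie*"),
                                      ("class-map", "URLCHILD")]),
                "URLCHILD": CHILD},
    "mime": {"url": ("match-all", [("host", "www.cisco.com"),
                                   ("url", "*/ccie*"),
                                   ("mime", "*jpeg")])},
}

# Constructed transactions: Host header, request path, response Content-Type.
TRAFFIC = {
    "jpg_by_name": {"host": "www.cisco.com", "url": "/go/ccie/logo.jpg", "mime": "image/jpeg"},
    "jpg_no_ext": {"host": "www.cisco.com", "url": "/go/ccie/image?id=7", "mime": "image/jpeg"},
    "other_site": {"host": "www.dontcheat.com", "url": "/ccie/logo.gif", "mime": "image/gif"},
}

def report():
    return {cfg: sorted(t for t, txn in TRAFFIC.items() if evaluate("url", maps, txn))
            for cfg, maps in CONFIGS.items()}

if __name__ == "__main__":
    for cfg, matched in report().items():
        print(f"{cfg:9} drops {matched}")
```

Under these assumptions a single failing statement in a match-all class leaves the counters at zero, dropping the host statement also catches the other site, and only the mime variant catches a JPEG served from a URL with no image extension.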