Re: AW: nbar / http classification question

From: Jason Madsen (madsen.jason@gmail.com)
Date: Sat Jan 24 2009 - 14:21:21 ARST


Image querying should be blocked by the JPEG URL statements you made,
whereas image downloading should be blocked by a mime statement.

On Sat, Jan 24, 2009 at 9:19 AM, Jason Madsen <madsen.jason@gmail.com> wrote:

> I guess URL matching for the JPEG part should be fine too though...either
> way.
>
>
> On Sat, Jan 24, 2009 at 9:15 AM, Jason Madsen <madsen.jason@gmail.com> wrote:
>
>> I recommend you guys try just using URL for your URL match, rather than
>> host, and either put the entire URL string in your match statement or else
>> use asterisks. For your image matching, I recommend you guys try matching
>> JPEG via http mime, rather than URL.
>>
>> Jason
>>
>>
>> On Sat, Jan 24, 2009 at 9:08 AM, Han Solo <emaillists@me.com> wrote:
>>
>>> For some reason I get hit and miss results when matching on various
>>> "match protocol http host" types but this one works
>>>
>>> INTERNET(config-cmap)#do show policy-map int g0/0
>>> GigabitEthernet0/0
>>>
>>> Service-policy input: url
>>>
>>> Class-map: url (match-all)
>>> 102 packets, 67994 bytes
>>> 30 second offered rate 9000 bps, drop rate 9000 bps
>>> Match: protocol http
>>> drop
>>>
>>> On Jan 24, 2009, at 7:52 AM, Han Solo wrote:
>>>
>>>> Class Map match-all url (id 6)
>>>> Match protocol http url "*.gif|*.jpg|*.jpeg"
>>>> Match protocol http url "*/ccie*"
>>>> Match protocol http host "http://www.cisco.com/"
>>>>
>>>> INTERNET#
>>>> INTERNET#sh policy-map int g0/0
>>>> GigabitEthernet0/0
>>>>
>>>> Service-policy input: url
>>>>
>>>> Class-map: url (match-all)
>>>> 0 packets, 0 bytes
>>>> 30 second offered rate 0 bps, drop rate 0 bps
>>>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>>>> Match: protocol http url "*/ccie*"
>>>> Match: protocol http host "http://www.cisco.com/"
>>>> drop
>>>>
>>>> On Jan 24, 2009, at 7:49 AM, Han Solo wrote:
>>>>
>>>>> I think it has to do with the "match-all" in the class map. I am trying
>>>>> different things; bottom line, with both of the examples posted so far there
>>>>> is no match. I have a 2851 as internet router at home to try and test them
>>>>> so I block my wife's stuff when I come home from work. It really is good
>>>>> exercise to get these things down. Curious why these ones aren't working?
>>>>> If you want to jump on and test with me, let me know and I will start up a
>>>>> WebEx.
>>>>>
>>>>>
>>>>> On Jan 24, 2009, at 7:35 AM, Roger RPF wrote:
>>>>>
>>>>>> Well, I did not try but I guess you would have to use:
>>>>>>
>>>>>> match protocol http url "*/ccie"
>>>>>>
>>>>>> or
>>>>>>
>>>>>> match protocol http url "go/ccie"
>>>>>>
>>>>>> if that is the exact url
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Roger
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Han Solo [mailto:emaillists@me.com]
>>>>>> Sent: Saturday, 24 January 2009 16:30
>>>>>> To: Wouter Prins
>>>>>> Cc: Roger RPF; Cisco certification
>>>>>> Subject: Re: nbar / http classification question
>>>>>>
>>>>>> That doesn't work, I tried it
>>>>>>
>>>>>> INTERNET#sh policy-map interface g0/0
>>>>>> GigabitEthernet0/0
>>>>>>
>>>>>> Service-policy input: url
>>>>>>
>>>>>> Class-map: url (match-all)
>>>>>> 0 packets, 0 bytes -------> NO MATCHES WHEN GOING TO WWW.CISCO.COM/GO/CCIE
>>>>>> 30 second offered rate 0 bps, drop rate 0 bps
>>>>>> Match: protocol http host "www.cisco.com"
>>>>>> Match: protocol http url "/ccie"
>>>>>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>>>>>> drop
>>>>>>
>>>>>>
>>>>>> class-map match-all url
>>>>>> match protocol http host "www.cisco.com"
>>>>>> match protocol http url "/ccie"
>>>>>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>>>>>
>>>>>> policy-map url
>>>>>> class url
>>>>>> drop
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Jan 24, 2009, at 6:44 AM, Wouter Prins wrote:
>>>>>>
>>>>>>> I think:
>>>>>>>
>>>>>>> class-map match-all URL
>>>>>>> match protocol http host www.cisco.com
>>>>>>> match protocol http url "/ccie"
>>>>>>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>>>>>>
>>>>>>> Would also work
>>>>>>> Wouter
>>>>>>>
>>>>>>> 2009/1/24 Roger RPF <rpf@bluemail.ch>
>>>>>>>
>>>>>>>> Hi group,
>>>>>>>>
>>>>>>>> Question regarding nbar and the class-maps. If the task tells to block all
>>>>>>>> .jpeg and .gif from www.cisco.com/ccie how do you create the class map? Do
>>>>>>>> we need to include the hostname part? If I look at the following link on
>>>>>>>> the doccd, they say no:
>>>>>>>>
>>>>>>>> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nbar_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1051880
>>>>>>>>
>>>>>>>> But to me, this would mean that we would also block .jpeg and .gif for the
>>>>>>>> site www.dontcheat.com/ccie or not?
>>>>>>>>
>>>>>>>> My solution:
>>>>>>>>
>>>>>>>> class-map match-all URL
>>>>>>>> match protocol http host www.cisco.com
>>>>>>>> match protocol http url "/ccie"
>>>>>>>> match class-map URLCHILD
>>>>>>>>
>>>>>>>> class-map match-any URLCHILD
>>>>>>>> match protocol http url "*.gif*"
>>>>>>>> match protocol http url "*.jpg*"
>>>>>>>> match protocol http url "*.jpeg*"
>>>>>>>>
>>>>>>>> What do you think?
>>>>>>>>
>>>>>>>> thanks
>>>>>>>>
>>>>>>>> Roger
>>>>>>>>
>>>>>>>>
>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________________________________
>>>>>>>> Subscription information may be found at:
>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> Han Solo
>>>>>> May the force be with you
>>>>>>
>>>>>>
>>>>> Han Solo
>>>>> May the force be with you
>>>>>
>>>>>
>>>> Han Solo
>>>> May the force be with you
>>>>
>>>>
>>> Han Solo
>>> May the force be with you
>>>
>>>

Blogs and organic groups at http://www.ccie.net
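
The match-all / match-any logic argued over in this thread, as an added model that is not part of the original e-mails and is not Cisco code: it evaluates two of the quoted class-maps against constructed requests. It assumes anchored glob matching with "|" alternation and that the host statement is compared with the Host header value; the WILDCARD class-map and the three sample requests are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Class-maps as (mode, [(kind, argument), ...]); kind is "host", "url" or "class-map".
CLASS_MAPS = {
    # Quoted in the thread: literal "/ccie" plus the image alternation.
    "HAN_FIRST": ("match-all", [("host", "www.cisco.com"), ("url", "/ccie"),
                                ("url", "*.gif|*.jpg|*.jpeg")]),
    # Quoted in the thread: wildcard URL, but a full URL in the host statement.
    "HAN_SECOND": ("match-all", [("url", "*.gif|*.jpg|*.jpeg"), ("url", "*/ccie*"),
                                 ("host", "http://www.cisco.com/")]),
    # Constructed variant: bare hostname, asterisks in the URL, nested match-any child.
    "WILDCARD": ("match-all", [("host", "www.cisco.com"), ("url", "*/ccie*"),
                               ("class-map", "URLCHILD")]),
    "URLCHILD": ("match-any", [("url", "*.gif*"), ("url", "*.jpg*"), ("url", "*.jpeg*")]),
}

# Constructed requests: host is the Host header value, url is the request path.
REQUESTS = {
    "page": {"host": "www.cisco.com", "url": "/go/ccie"},
    "image": {"host": "www.cisco.com", "url": "/go/ccie/logo.jpg"},
    "other_site": {"host": "www.dontcheat.com", "url": "/ccie/logo.jpg"},
}

def glob_any(pattern, value):
    """Assumed semantics: anchored, case-insensitive glob; "|" separates alternatives."""
    return any(fnmatchcase(value.lower(), alt.lower()) for alt in pattern.split("|"))

def evaluate(name, request, class_maps=CLASS_MAPS):
    """True if every (match-all) or any (match-any) statement fits this one request."""
    mode, statements = class_maps[name]
    results = [
        evaluate(arg, request, class_maps) if kind == "class-map"
        else glob_any(arg, request[kind])
        for kind, arg in statements
    ]
    return all(results) if mode == "match-all" else any(results)

def verdicts():
    """Map (class-map, request) -> matched, for the three top-level class-maps."""
    return {(cm, rq): evaluate(cm, REQUESTS[rq])
            for cm in ("HAN_FIRST", "HAN_SECOND", "WILDCARD") for rq in REQUESTS}

if __name__ == "__main__":
    for (cm, rq), hit in verdicts().items():
        print(f"{cm:10} {rq:10} {'drop' if hit else 'no match'}")
```

In this model the plain page request /go/ccie matches none of the class-maps because it is not an image URL, and HAN_SECOND misses the image request only because a Host header carries a bare hostname, never "http://www.cisco.com/".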



This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST