From: Jason Madsen (madsen.jason@gmail.com)
Date: Sat Jan 24 2009 - 14:38:31 ARST
Thanks. As for the "best" method I think it depends on your requirement.
If you are required to prevent users' requests from going out, then you may
want to use URL if the URL extension that your users will try ends with
".jpeg" or something similar. If you are simply required to prevent images
from being downloaded to your users then you may want to use MIME. I'm not
sure if the DoC CD has an exhaustive list of MIME types or not, but if you
need to block all images, you could use "match proto mim image/*" and
because of the asterisk you'll block all types, e.g. jpeg, gif etc. Hope
that helps.
Jason
On Sat, Jan 24, 2009 at 9:35 AM, Han Solo <emaillists@me.com> wrote:
> Awesome Jason, thanks for that little lesson. Do you have any info that
> talks about that? After changing to your MIME type that works everywhere,
> pages load now, just missing the jpegs.... So I guess anytime you're asked to
> block jpegs then using the MIME type is the best way to go. I have always
> been using stuff like "match protocol http url "*.jpg | *.jpeg" and get
> hit or miss results, sometimes they block, sometimes they don't. Jason is the
> man.
>
> Thanks again Jason
>
> INTERNET(config-cmap)#do sh class-map
> Class Map match-any class-default (id 0)
> Match any
>
> Class Map match-all url (id 1)
> Match protocol http mime "image/jpeg"
>
> INTERNET(config-cmap)#do show policy-map int g0/0
> GigabitEthernet0/0
>
> Service-policy input: url
>
> Class-map: url (match-all)
> 60 packets, 20937 bytes
> 30 second offered rate 5000 bps, drop rate 5000 bps
> Match: protocol http mime "image/jpeg"
> drop
>
> On Jan 24, 2009, at 8:29 AM, Jason Madsen wrote:
>
>> There are definitely jpeg images on that page, as can be verified by
>> looking at the html source code, but you aren't going to actually type a URL
>> with a .jpeg extension to view them. They are downloaded automatically
>> when you navigate to that page. That's the reason I recommended using mime
>> for your jpeg matching.
>>
>> Jason
>>
>> On Sat, Jan 24, 2009 at 9:25 AM, Han Solo <emaillists@me.com> wrote:
>> Yeah, they're there. Use Firefox with DownThemAll and filter on jpegs, you
>> will see them.
>>
>>
>>
>> On Jan 24, 2009, at 8:24 AM, Jason Madsen wrote:
>>
>> Actually, are there any images at http://www.cisco.com/go/ccie with a URL
>> ending in .jpeg or another jpeg extension? I don't see any. If that's the
>> case, then you'd probably want to go with matching mime since it will
>> actually be the jpeg image type that you want to block and not a URL with
>> "jpeg" at the end of it...hope that makes sense.
>>
>> On Sat, Jan 24, 2009 at 9:21 AM, Jason Madsen <madsen.jason@gmail.com>
>> wrote:
>> image querying should be blocked by the JPEG URL statements you made,
>> whereas, image downloading should be blocked by a mime statement.
>>
>> On Sat, Jan 24, 2009 at 9:19 AM, Jason Madsen <madsen.jason@gmail.com>
>> wrote:
>> I guess URL matching for the JPEG part should be fine too though...either
>> way.
>>
>>
>> On Sat, Jan 24, 2009 at 9:15 AM, Jason Madsen <madsen.jason@gmail.com>
>> wrote:
>> I recommend you guys try just using URL for your URL match, rather than
>> host, and either put the entire URL string in your match statement or else
>> use asterisks. For your image matching, I recommend you guys try matching
>> JPEG via http mime, rather than URL.
>>
>> Jason
>>
>>
>> On Sat, Jan 24, 2009 at 9:08 AM, Han Solo <emaillists@me.com> wrote:
>> For some reason I get hit and miss results when matching on various "match
>> protocol http host" types but this one works
>>
>> INTERNET(config-cmap)#do show policy-map int g0/0
>>
>> GigabitEthernet0/0
>>
>> Service-policy input: url
>>
>> Class-map: url (match-all)
>> 102 packets, 67994 bytes
>> 30 second offered rate 9000 bps, drop rate 9000 bps
>> Match: protocol http
>> drop
>>
>> On Jan 24, 2009, at 7:52 AM, Han Solo wrote:
>>
>> Class Map match-all url (id 6)
>> Match protocol http url "*.gif|*.jpg|*.jpeg"
>> Match protocol http url "*/ccie*"
>> Match protocol http host "http://www.cisco.com/"
>>
>> INTERNET#
>> INTERNET#sh policy-map int g0/0
>> GigabitEthernet0/0
>>
>> Service-policy input: url
>>
>> Class-map: url (match-all)
>> 0 packets, 0 bytes
>> 30 second offered rate 0 bps, drop rate 0 bps
>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>> Match: protocol http url "*/ccie*"
>> Match: protocol http host "http://www.cisco.com/"
>> drop
>>
>> On Jan 24, 2009, at 7:49 AM, Han Solo wrote:
>>
>> I think it has to do with the "match-all" in the class map. I am trying
>> different things; bottom line, with both of the examples posted so far there
>> is no match. I have a 2851 as internet router at home to try and test them
>> so I block my wife's stuff when I come home from work. It really is good
>> exercise to get these things down. Curious why these ones aren't working?
>> If you want to jump on and test with me let me know, I will start up a
>> webex.
>>
>>
>> On Jan 24, 2009, at 7:35 AM, Roger RPF wrote:
>>
>> Well, I did not try but I guess you would have to use:
>>
>> match protocol http url "*/ccie"
>>
>> or
>>
>> match protocol http url "go/ccie"
>>
>> if that is the exact url
>>
>> regards
>>
>> Roger
>>
>>
>> -----Original Message-----
>> From: Han Solo [mailto:emaillists@me.com]
>> Sent: Saturday, 24 January 2009 16:30
>> To: Wouter Prins
>> Cc: Roger RPF; Cisco certification
>> Subject: Re: nbar / http classification question
>>
>> That doesn't work I tried it
>>
>> INTERNET#sh policy-map interface g0/0
>> GigabitEthernet0/0
>>
>> Service-policy input: url
>>
>> Class-map: url (match-all)
>> 0 packets, 0 bytes -------> NO MATCHES WHEN GOING TO
>> WWW.CISCO.COM/GO/CCIE
>> 30 second offered rate 0 bps, drop rate 0 bps
>> Match: protocol http host "www.cisco.com"
>> Match: protocol http url "/ccie"
>> Match: protocol http url "*.gif|*.jpg|*.jpeg"
>> drop
>>
>>
>> class-map match-all url
>> match protocol http host "www.cisco.com"
>> match protocol http url "/ccie"
>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>
>> policy-map url
>> class url
>> drop
>>
>> On Jan 24, 2009, at 6:44 AM, Wouter Prins wrote:
>>
>> I think:
>>
>> class-map match-all URL
>> match protocol http host www.cisco.com
>> match protocol http url "/ccie"
>> match protocol http url "*.gif|*.jpg|*.jpeg"
>>
>> Would also work
>> Wouter
>>
>> 2009/1/24 Roger RPF <rpf@bluemail.ch>
>>
>> Hi group,
>>
>> Question regarding nbar and the class-maps. If the task tells us to block all
>> .jpeg and .gif from www.cisco.com/ccie how do you create the class map? Do
>> we need to include the hostname part? If I look at the following link on the
>> doccd, they say no:
>>
>> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nbar_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1051880
>>
>> But to me, this would mean that we would also block .jpeg and .gif for the
>> site www.dontcheat.com/ccie or not?
>>
>> My solution:
>>
>> class-map match-all URL
>> match protocol http host www.cisco.com
>> match protocol http url "/ccie"
>> match class-map URLCHILD
>>
>> class-map match-any URLCHILD
>> match protocol http url "*.gif*"
>> match protocol http url "*.jpg*"
>> match protocol http url "*.jpeg*"
>>
>> What do you think?
>>
>> thanks
>>
>> Roger
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>> Han Solo
>> May the force be with you
> Han Solo
> May the force be with you
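
The match-all, hostname and MIME behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of class-map evaluation, not NBAR's actual pattern engine. It assumes each pattern is a whole-string glob with `|` separating alternatives; the sample transactions and every path except `/go/ccie` are constructed.

```python
import fnmatch
from dataclasses import dataclass

@dataclass
class Txn:
    """One constructed HTTP request/response pair."""
    host: str   # Host header of the request
    url: str    # path from the request line
    mime: str   # Content-Type of the response

def glob_any(pattern, value):
    # Simplified model: '|' separates alternatives, each a whole-string glob.
    return any(fnmatch.fnmatchcase(value.lower(), alt.strip().lower())
               for alt in pattern.split("|"))

def evaluate(name, txn, cmaps):
    """match-all needs every statement to hit the same transaction; match-any needs one."""
    mode, statements = cmaps[name]
    results = [evaluate(pat, txn, cmaps) if field == "class-map"
               else glob_any(pat, getattr(txn, field))
               for field, pat in statements]
    return all(results) if mode == "all" else any(results)

# Class-maps modelled on the ones posted in the thread (NOHOST is the variant without a host).
CMAPS = {
    "URLCHILD": ("any", [("url", "*.gif*"), ("url", "*.jpg*"), ("url", "*.jpeg*")]),
    "URL":      ("all", [("host", "www.cisco.com"), ("url", "*/ccie*"),
                         ("class-map", "URLCHILD")]),
    "NOHOST":   ("all", [("url", "*/ccie*"), ("class-map", "URLCHILD")]),
    "MIME":     ("all", [("mime", "image/jpeg")]),
}

# Constructed sample traffic (paths other than /go/ccie are made up).
TRAFFIC = [
    Txn("www.cisco.com", "/go/ccie", "text/html"),                 # 0: the page itself
    Txn("www.cisco.com", "/assets/img/banner.jpg", "image/jpeg"),  # 1: image the page embeds
    Txn("www.cisco.com", "/ccie/logo.jpeg", "image/jpeg"),         # 2: image under /ccie
    Txn("www.dontcheat.com", "/ccie/pic.gif", "image/gif"),        # 3: a different site
]

def hits(name):
    """Indexes of the sample transactions the named class-map would classify."""
    return [i for i, t in enumerate(TRAFFIC) if evaluate(name, t, CMAPS)]

if __name__ == "__main__":
    for name in ("URL", "NOHOST", "MIME"):
        print(name, hits(name))
```

In this model the host-plus-URL match-all never classifies the page request or the image it embeds from another path, the variant without a host also classifies the other site, and the MIME match classifies every JPEG response regardless of URL.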
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST