Re: QOS with nbar

From: Ivan Walker (ivan@itpro.co.nz)
Date: Wed Feb 18 2009 - 17:47:40 ARST


My understanding and experience in the lab is that http mime types can
only be matched in the direction of webserver response to client as it
is the actual reply from the web server that contains the image. I also
have found in the lab that you can only match an http host or url in the
request from the client to the server.

Apply this to the question presented

"I've got a scenario here, I want to allocate 32kbps for replies from a
webserver for address with the url http://www.abc.com. And I want my
router to drop any image file of type jpeg, jpg and gif" (from that site).

and I don't see how all requirements can be met unless the address of
the web server is used to match incoming traffic. We can match

* http requests to http host www.abc.com
* http requests for images by matching *jpg etc
* http responses that contain a mime type of "image*"

I don't think we can match responses from http host www.abc.com (which is
required to shape/police) without finding the IP of the webserver and
limiting on that. And given that the webserver may be using host headers
to host a number of sites on a single IP that may not work either.

Ivan

Jared Scrivener wrote:
> Policy maps are processed top down. In both answers you'll ignore the mime
> type as you are applying the WEB policy first. Try changing it to this:
>
> class-map match-any IMAGES
> match protocol http mime "*.jpg"
> match protocol http mime "*.jpeg"
> match protocol http mime "*.gif"
>
> class-map match-all WEB
> match protocol http host "www.abc.com"
>
> policy-map POLICY
> class IMAGES
> drop
> class WEB
> bandwidth 32000
>
> int f0/0
> service-policy input POLICY
>
> Cheers,
>
> Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
> Technical Instructor - IPexpert, Inc.
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: jscrivener@ipexpert.com
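
The direction problem discussed in this thread, as an added example that is not part of the original messages and is not NBAR's implementation: a small Python model of a host/url/mime classifier run over constructed HTTP messages. The sample traffic, the function names and the second site sharing the server are assumptions made for illustration.

```python
"""Model of which HTTP fields a host/url/mime classifier can see per direction."""
from fnmatch import fnmatch

# Constructed sample traffic (not captured from a real network).
REQUEST = (b"GET /img/logo.jpg HTTP/1.1\r\nHost: www.abc.com\r\n"
           b"Accept: */*\r\n\r\n")
RESPONSE_ABC = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
                b"Content-Length: 4\r\n\r\n\xff\xd8\xff\xe0")
# Reply for a different site hosted on the same server IP (hypothetical).
RESPONSE_OTHER = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
                  b"Content-Length: 4\r\n\r\n\xff\xd8\xff\xe0")


def matchable_fields(message: bytes) -> dict:
    """Return the fields a host/url/mime classifier could inspect."""
    head = message.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    start, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = {}
    if start.startswith("HTTP/"):      # status line: server -> client
        fields["direction"] = "response"
        if "content-type" in headers:
            fields["mime"] = headers["content-type"].split(";")[0].strip()
    else:                              # request line: client -> server
        fields["direction"] = "request"
        fields["url"] = start.split(" ")[1]
        if "host" in headers:
            fields["host"] = headers["host"]
    return fields


def classify(message: bytes, host=None, url=None, mime=None) -> bool:
    """match-all semantics: every given pattern must match a present field."""
    fields = matchable_fields(message)
    wanted = {"host": host, "url": url, "mime": mime}
    return all(key in fields and fnmatch(fields[key], pattern)
               for key, pattern in wanted.items() if pattern is not None)


if __name__ == "__main__":
    for name, msg in [("request", REQUEST), ("abc reply", RESPONSE_ABC),
                      ("other reply", RESPONSE_OTHER)]:
        print(name, matchable_fields(msg))
```

The two replies expose identical fields, so nothing in the response itself ties it to www.abc.com; only the server address does, and that address is shared when host headers are used.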
