Re: URL Filtering on Cisco

From: Ruhann <groupstudy_at_ru.co.za>
Date: Fri, 12 Feb 2010 07:26:31 +0200

My bad (sending email late at night).

The match statements should be host, not url, to match my descriptions:

     Match: protocol http host "*.yahoo.com"   > valid for blocking anything at yahoo.com, i.e. mail.yahoo.com, news.yahoo.com etc.
     Match: protocol http host "*.yahoo.com/*" > same as previous, the 2nd * has no effect since it is after the /.
     Match: protocol http host "*yahoo.com*"   > pointless, will match examples like mail.yahoo.comhere and news.yahoo.commando
     Match: protocol http host "*"             > will match all URL host names
     Match: protocol http host "*yahoo*"       > valid, will match any URL host containing yahoo

The difference between match host and match url:
Match host: applies to the DNS domain name before the first /

Match url: applies to the 'string' after the first /

some match host examples:
match protocol http host *facebook.com*
! This would match any hostname containing the string 'facebook.com'
! like http://www.facebook.com
! or http://login.facebook.com
!
match protocol http host *google*
! This would match any hostname containing the word google like
! http://mail.google.com or http://www.google.co.za
! or http://images.google.com
!
match protocol http host google*
! This would match http://google.co.za but
! not http://mail.google.com
!

some match url examples:
match protocol http url *.jpeg|*.jpg|*.gif
! This would match any of the strings .jpeg or .jpg or .gif as an extension in the url
!
match protocol http url *.swf
! This would match any .swf in the URL
!
match protocol http url *video*
! This would match http://www.cnn.com/video/index.php or
! http://www.cnn.com/news/video.html
!
match protocol http url video*
! This would match http://www.cnn.com/video/index.php but not
! http://www.cnn.com/news/video.html because
! the string after your first "/" should start with video

On Fri, Feb 12, 2010 at 3:29 AM, <mark.chandra_at_gmail.com> wrote:
>
> Guys,
>
> Thanks a lot for the input,
>
> I will try some of your suggestions and see the result.
>
> And, is there an NBAR definition for messenger?
> Sent from my BlackBerry wireless device from XL GPRS/EDGE/3G network
>
> -----Original Message-----
> From: Jared Scrivener <lists_at_jaredscrivener.com>
> Date: Fri, 12 Feb 2010 04:39:00
> To: Mark Stephanus Chandra<mark.chandra_at_gmail.com>
> Cc: Cisco certification<ccielab_at_groupstudy.com>
> Subject: Re: URL Filtering on Cisco
>
> You used a match-all not a match-any in your class-map. That'll be the
> reason. Both the MIME type and URL aren't "yahoo.com" simultaneously...
>
> --
> Cheers,
>
> Jared Scrivener
> CCSI #30878, CCIE3 #16983 (R&S, SP, Security)
> www.MicronicsTraining.com
> Sr. Technical Instructor
>
> YES! We take Cisco Learning Credits!
> Training And Remote Racks available
>
> LinkedIn:www.linkedin.com/in/jaredscrivener
>
> On Fri, Feb 12, 2010 at 4:21 AM, Mark Stephanus Chandra <
> mark.chandra_at_gmail.com> wrote:
>
> > Hi Guys,
> >
> > Have you ever tried filtering URLs in a Cisco router?
> >
> > Well, I just tried it and it doesn't work, don't know what's wrong.
> >
> > This is my config for class-map
> >
> > Class-map: mark (match-all)
> >   0 packets, 0 bytes
> >   5 minute offered rate 0 bps, drop rate 0 bps
> >   Match: protocol http mime "*.yahoo.com"
> >   Match: protocol http url "*.yahoo.com"
> >   Match: protocol http url "*.yahoo.com/*"
> >   Match: protocol http url "*yahoo.com*"
> >   Match: protocol http url "*"
> >   Match: protocol http host "*yahoo*"
> >   Drop
> >
> > As you can see, first, the only thing I want to do is just to filter
> > everything about yahoo.
> >
> > But it seems to have no effect in this scheme, so I just tried to block it
> > all by using match protocol http *
> >
> > But the result is, I can still browse to web sites, no effect at all.
> >
> > So the scenario is, I just have one router with two interfaces,
> > one going to inside and the other going outside.
> >
> > These are the configs:
> >
> > interface Ethernet0/0
> >  description Outside
> >  ip address
> >  ip nat outside
> >  ip virtual-reassembly
> >  half-duplex
> >  service-policy input mark
> > !
> > interface FastEthernet0/0
> >  description Inside
> >  ip address 192.168.1.1 255.255.255.0
> >  ip nat inside
> >  ip virtual-reassembly
> >  speed auto
> >  service-policy input mark
> >  service-policy output mark
> >
> > Any clue what's wrong?
> >
> > Regards
> >
> > Mark Stephanus Chandra - CCIE#23887
> > IT Consultant
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>

--
<ruhann>
blog.ru.co.za
Received on Fri Feb 12 2010 - 07:26:31 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART
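An added example, written for this archive page and not taken from the thread or from Cisco: a small Python model of the wildcard semantics Ruhann describes (host is the DNS name before the first "/", url is the string after it, "*" is the wildcard, "|" separates alternatives) together with Jared's match-all versus match-any point. Assumptions that the thread does not state: a pattern has to cover the whole host or path it is compared with (so "video*" must start the path while "*video*" may appear anywhere), hostnames compare case-insensitively and paths case-sensitively, and the "mime" statement is compared against a Content-Type string the caller passes in. MARK_CLASS_MAP is Mark's class-map from the original post re-typed as data; HOST_CLASS_MAP is the host-only form Ruhann recommends.

```python
# Toy model of IOS 'match protocol http host|url|mime' wildcard matching and
# class-map match-all / match-any evaluation.  Added illustration for this
# thread; this is NOT Cisco's NBAR code.
# Assumptions (not from the thread): '*' matches any run of characters
# including none, '|' separates alternatives, the pattern must cover the
# whole string, hostnames compare case-insensitively and URL paths
# case-sensitively, and 'mime' is compared against a caller-supplied
# Content-Type string.
import re
from dataclasses import dataclass
from typing import Sequence, Tuple


def glob_to_regex(pattern: str, ignore_case: bool = False) -> "re.Pattern[str]":
    """Turn an IOS-style wildcard such as '*.jpeg|*.jpg|*.gif' into an
    anchored regex: each '|' alternative is taken literally except for '*'."""
    alternatives = [
        ".*".join(re.escape(piece) for piece in alt.split("*"))
        for alt in pattern.split("|")
    ]
    flags = re.IGNORECASE if ignore_case else 0
    return re.compile("^(?:" + "|".join(alternatives) + ")$", flags)


def split_http_request(url: str) -> Tuple[str, str]:
    """Split a request into (host, url) the way the post describes: host is
    the DNS name before the first '/', url is everything after it."""
    rest = url.split("://", 1)[1] if "://" in url else url
    host, _, path = rest.partition("/")
    return host, path


def host_matches(pattern: str, host: str) -> bool:
    return glob_to_regex(pattern, ignore_case=True).match(host) is not None


def url_matches(pattern: str, path: str) -> bool:
    return glob_to_regex(pattern).match(path) is not None


@dataclass(frozen=True)
class MatchStatement:
    kind: str      # 'host', 'url' or 'mime'
    pattern: str


def statement_matches(stmt: MatchStatement, url: str, content_type: str) -> bool:
    host, path = split_http_request(url)
    if stmt.kind == "host":
        return host_matches(stmt.pattern, host)
    if stmt.kind == "url":
        return url_matches(stmt.pattern, path)
    if stmt.kind == "mime":
        return glob_to_regex(stmt.pattern, ignore_case=True).match(content_type) is not None
    raise ValueError(f"unknown match kind {stmt.kind!r}")


def classify(statements: Sequence[MatchStatement], mode: str, url: str,
             content_type: str = "text/html") -> bool:
    """Evaluate a class-map: match-all needs every statement to be true,
    match-any needs at least one."""
    results = [statement_matches(s, url, content_type) for s in statements]
    if mode == "match-all":
        return all(results)
    if mode == "match-any":
        return any(results)
    raise ValueError(f"unknown class-map mode {mode!r}")


# Mark's class-map from the original post, re-typed as data.
MARK_CLASS_MAP = (
    MatchStatement("mime", "*.yahoo.com"),
    MatchStatement("url", "*.yahoo.com"),
    MatchStatement("url", "*.yahoo.com/*"),
    MatchStatement("url", "*yahoo.com*"),
    MatchStatement("url", "*"),
    MatchStatement("host", "*yahoo*"),
)

# The host-only form Ruhann recommends.
HOST_CLASS_MAP = (MatchStatement("host", "*yahoo*"),)


if __name__ == "__main__":
    request = "http://mail.yahoo.com/"   # constructed sample request
    print("match-all:", classify(MARK_CLASS_MAP, "match-all", request))    # False
    print("match-any:", classify(MARK_CLASS_MAP, "match-any", request))    # True
    print("host-only:", classify(HOST_CLASS_MAP, "match-all", request))    # True
```

With a match-all class-map every statement has to be true for the same request, and a Content-Type of text/html never looks like "*.yahoo.com", so the class-map from the original post can never match; the same statements under match-any, or the single host "*yahoo*" statement on its own, do match a request to mail.yahoo.com.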