RE: Match Protocol

From: Joseph Brunner (joe@affirmedsystems.com)
Date: Sun Nov 18 2007 - 14:01:50 ART


I'm pretty sure from my testing that the nbar http brain is only after the
http get

 

Here is why I say that. Whenever I configure these policies as a "service
policy input" facing the client lan, the blocking/rate-limiting of images
fails to happen.

When I apply them as "service policy output" on the T-1, or F0/X interface
towards the ISP it always works.

 

So you're saying block the images using the 'mime' keyword upon return from
the internet (service policy output) on the client facing lan interface, no?

 

I'm going to try your config on a live router later, and let us all know.

 

-Joe

 

  _____

From: Toh Soon, Lim [mailto:tohsoon28@gmail.com]
Sent: Sunday, November 18, 2007 5:37 AM
To: Joseph Brunner
Cc: Anis S; Thomas.W.Johnson@chase.com; ccielab@groupstudy.com
Subject: Re: Match Protocol

 

Hi Joe,

For class-map IMAGES, can I configure the following instead?

!
class-map match-any IMAGES
 match protocol http mime "image/jpg"
 match protocol http mime "image/bmp"
 match protocol http mime "image/gif"
!

You seem to recommend using regexp URL match. Any specific reason?

AFAIK, this post is about matching returning traffic from the website that
contains images with suffixes .jpg, .bmp and .gif. I have limited
understanding of HTTP; however, are we able to use "match protocol http url"
to classify the returning image files from the website? Would matching MIME
be a more effective method?

Kindly advise.

Thank you.

B.Rgds,
Lim TS

 

On 10/8/07, Joseph Brunner <joe@affirmedsystems.com> wrote:

If any task says .jpg, .jpeg, .gif, etc. then you are obliged to use the
regexp url match

class-map match-all IMAGES
 match protocol http url "*.jpg|*.jpeg|*.gif"

I used to make a match-any with each on a separate line until Victor showed
me his way... which works in a live network. I used this config to block all
images from match.com / facebook.com at a client site. The rest of those
sites are limited to 128,000, oh, and during business hours they are dead
altogether...

JB

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Anis S
Sent: Sunday, October 07, 2007 9:20 PM
To: Thomas.W.Johnson@chase.com
Cc: ccielab@groupstudy.com
Subject: Re: Match Protocol

How about using both mime & url under a 'match any' class? In practice, not
all images might be encoded in mime format.

However, for the exam, mime might be the preferred way. Correct me if I'm
wrong.

On 10/5/07, Thomas.W.Johnson@chase.com <Thomas.W.Johnson@chase.com> wrote:
>
> I ran across a question that wanted you to limit all return traffic from
> www.thiswebsite.com/thisdirectory destined for a specific VLAN to whatever,
> 512k, and drop any image files (jpg, bmp or gif) from this website.
> How do you match the image files? I assume it's with the match protocol http
> command, however, what parameters do you use? Do I need to use the match
> protocol http with the mime parameter or do I use match protocol http with
> url *.jpg | *.bmp | *.gif? I just don't understand how you match image files
> with the match protocol command.
>
>
>
> Thanks in advance.
>
>
>
> Thomas Johnson
>
> JP Morgan Chase
>
> Global Network Implementation



This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART