GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: match protocol http mime (types) posted 11/11/2004
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Hey Scott,

Just when I thought I got this topic covered...

I found the list of mime types at this url,
ftp://ftp.isi.edu/in-notes/iana/assignments/media-types/media-types

And, while scrolling down the list, I noticed there are not only mime types,
but there are also mime sub-types.  Now, sure enough there are no periods in
mime types.  However, there are periods in mime sub-types.

So, getting back to the command, match prot http mime <mime-type>, it seems
that mime type can be either mime type or mime sub-type.  For example,
"jpeg" is a mime sub-type of mime type image and I've seen examples using
jpeg so it seems it's OK to use sub-types.

That said, the options available for using match prot http mime include
things like "images" which will pick all mime sub-types of mime type image
or specifying a particular mime sub-type such as any of the ones below
(except if they include a period?).  Am I getting closer still?

Thanks, Tim


image           jpeg                                [RFC2045,RFC2046]
                gif                                 [RFC2045,RFC2046]
                ief             Image Exchange Format       [RFC1314]
                g3fax                                       [RFC1494]
                tiff            Tag Image File Format       [RFC2302]
		cgm		Computer Graphics Metafile  [Francis]
		naplps                                       [Ferber]
                vnd.dwg                                      [Moline]
                vnd.svf                                      [Moline]
                vnd.dxf                                      [Moline]
                png                                 [Randers-Pehrson]
                vnd.fpx                                     [Spencer]
                vnd.net-fpx                                 [Spencer]
		vnd.xiff				    [SMartin]
		prs.btif				      [Simon]
		vnd.fastbidsheet			     [Becker]
		vnd.wap.wbmp				      [Stark]
		prs.pti					       [Laun]
		vnd.cns.inf2				 [McLaughlin]
		vnd.mix					      [Reddy]
                vnd.fujixerox.edmics-rlc                       [Onda]
                vnd.fujixerox.edmics-mmr                       [Onda]
                vnd.fst                                    [Fuldseth]




----- Original Message ----- 
From: "Scott Morris" <swm@xxxxxxxxxx>
To: "'ccie2be'" <ccie2be@xxxxxxxxxx>; "'Andy'" <AndyMrozek@xxxxxxxxx>
Cc: "'Group Study'" <ccielab@xxxxxxxxxxxxxx>
Sent: Thursday, November 11, 2004 6:41 PM
Subject: RE: match protocol http [ url vs mime ]


> Closer.  :)
>
> The period "." will never be part of the MIME type!!!
>
> Like I said, play with a sniffer....  It's a lot more educational and much
> less boring than the rfc's!!!  ;)
>
> Scott
>
>
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@xxxxxxxxxx]
> Sent: Thursday, November 11, 2004 6:24 PM
> To: swm@xxxxxxxxxx; 'Andy'
> Cc: 'Group Study'
> Subject: Re: match protocol http [ url vs mime ]
>
> OK, I think I got it.
>
> Tell me if this is correct.
>
> If I match using the url keyword in the command, match prot http url
> <string>,  then I'm only matching on web traffic that contains <string> in
> the url.
>
> So, let's assume that the image you see when you go to the cisco home page
> is a bmp image.
>
> If I want to classify on the basis of bmp images and config the following
>
> match prot http url "*.bmp"
>
> that will NOT work because there's no .bmp within the url string itself.
> The bmp is "embedded" in the web page.
>
> However, if I do this,
>
> match prot http mime "*.bmp"
>
> that will work because when I use the mime keyword, it looks for the
> embedded content in the web pages.
>
> I hope I'm right because otherwise I really dont understand when to use
the
> url keyword versus the mime keyword.
>
> I apologize for my ignorance about this but I've never created a single
web
> page in my life and I know nothing more about http except that it's what
> used to code web pages.
>
> Thanks, again.
>
> ----- Original Message -----
> From: "Scott Morris" <swm@xxxxxxxxxx>
> To: "'ccie2be'" <ccie2be@xxxxxxxxxx>; "'Andy'" <AndyMrozek@xxxxxxxxx>
> Cc: "'Group Study'" <ccielab@xxxxxxxxxxxxxx>
> Sent: Thursday, November 11, 2004 5:50 PM
> Subject: RE: match protocol http [ url vs mime ]
>
>
> > No, only the mime will work since the word "images" may or may not be in
> > your URL (only if someone stores all graphics in a /images directory
> > (instead of /image or something else)...
> >
> > Take a sniffer sometime (ethereal is good and free!)  and look at all
the
> > web requests that your station makes when you browse the web.  Then look
> > specifically at the URLs that are requested.  Go to a few different
sites
> > and you'll see the variety on why this is hard.
> >
> > MIME types are fairly standard.
> >
> > HTH,
> >
> > Scott
> >
> > -----Original Message-----
> > From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
> > ccie2be
> > Sent: Thursday, November 11, 2004 4:57 PM
> > To: Andy
> > Cc: Group Study
> > Subject: Re: match protocol http [ url vs mime ]
> >
> > Andy,
> >
> > Thanks again for getting back to me.
> >
> > Just let me make sure I fully understand you.
> >
> > If I want to block web surfers from seeing any pictures in any format I
> > would do this:
> >
> > class-map IMAGES
> >      match prot http url "*images*"
> > or
> >     match prot http mime "*images*"
> >
> > Either one will work, but the 1st one is more efficient.  Have I got
that
> > right?
> >
> > Now, is it possible using just 1 single match prot http command to
specify
> > both jpeg and bmp or do I need multiple match prot statements?
> >
> > For example, will this work?
> >
> > class-map JPEG-&-BMP
> >     match prot http mime "*jpeg | *bmp"
> >
> > Thanks, Tim
> >
> >
> >
> > ----- Original Message -----
> > From: "Andy" <AndyMrozek@xxxxxxxxx>
> > To: "'ccie2be'" <ccie2be@xxxxxxxxxx>; <swm@xxxxxxxxxx>; "'Group Study'"
> > <ccielab@xxxxxxxxxxxxxx>
> > Sent: Thursday, November 11, 2004 3:43 PM
> > Subject: RE: match protocol http [ url vs mime ]
> >
> >
> > > I have tried both url / mime type ... Both work ,as I have webserver
and
> > > traffic generator .. In my opionon though I would use mime type as it
> > seems
> > > to drop it alot faster , and doesnt use as many network resourced ,
with
> a
> > > sniffer in the path between client / server you see lots of attempts
> from
> > > client to keep pulling information when using url type , but only a
few
> > when
> > > using mime type , the only thing I thing about mime type we need to
know
> > the
> > > various image types for example I had done "*image*" and it was
blocking
> > > .bmp , .jpg, .gif so if you only are required to say block .bmp I
think
> > then
> > > you can use mime type unless there is a way to only block .bmp mime
type
> > but
> > > say let .jpg through...
> > >
> > > -Andy
> > >
> > > -----Original Message-----
> > > From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx]On Behalf Of
> > > ccie2be
> > > Sent: Thursday, November 11, 2004 12:27 PM
> > > To: swm@xxxxxxxxxx; 'Group Study'
> > > Subject: Re: match protocol http [ url vs mime ]
> > >
> > >
> > > Hi Scott,
> > >
> > > Thanks for getting back to me.
> > >
> > > Before I posted the questions below I did a google and found the rfc
for
> > > mime.  Here's the link for anyone interested:
> > >
> > > http://www.mhonarc.org/~ehood/MIME/2045/rfc2045.html
> > >
> > > I started reading it but after a while my eyes glazed over and I
didn't
> > find
> > > anything that actually helped me figure out whether I should use the
url
> > or
> > > mime parameter of the match prot http command to accomplish this task.
> > >
> > > Maybe my brain isn't in good working order at the moment, but after
> > reading
> > > your response, I'm still not sure whether I should use the url or mime
> > > parameter in the match protocol http command to classify jpeg's,
gif's,
> > > mpeg's, etc.
> > >
> > > So, let's say I want to block web surfers from downloading jpeg's and
> > avi's.
> > >
> > > Would I use
> > >
> > > match prot http url "*jpeg | *avi"
> > >
> > > or
> > >
> > > match prot http mime "*jpeg | *avi"
> > >
> > > Notice that I used the bar | to specify either jpeg OR avi.  Is that
OK?
> > >
> > > Thanks, Tim
> > >
> > > ----- Original Message -----
> > > From: "Scott Morris" <swm@xxxxxxxxxx>
> > > To: "'ccie2be'" <ccie2be@xxxxxxxxxx>; "'Group Study'"
> > > <ccielab@xxxxxxxxxxxxxx>
> > > Sent: Thursday, November 11, 2004 2:32 PM
> > > Subject: RE: match protocol http [ url vs mime ]
> > >
> > >
> > > > The protocol type represents a field within the HTTP structures...
It
> > > will
> > > > never look like "*.jpeg".  That's a filename call, and within the
URL.
> > > >
> > > > MIME types are "image/jpeg", "image/gif", "video/avi" and things
like
> > > > that...  There's an RFC about Multimedia Independent Mail Extensions
> > > (MIME),
> > > > but I don't recall what its number is...
> > > >
> > > > Otherwise, take a look at your File Associations table in Windows
and
> > > you'll
> > > > have an idea for different MIME types and their name.
> > > >
> > > > HTH,
> > > >
> > > >
> > > > Scott Morris, MCSE, CCDP, CCIE4 (R&S/ISP-Dial/Security/Service
> Provider)
> > > > #4713, JNCIP, CCNA-WAN Switching, CCSP, Cable Communications
> Specialist,
> > > IP
> > > > Telephony Support Specialist, IP Telephony Design Specialist, CISSP
> > > > CCSI #21903
> > > > swm@xxxxxxxxxx
> > > >
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf
> Of
> > > > ccie2be
> > > > Sent: Thursday, November 11, 2004 12:31 PM
> > > > To: Group Study
> > > > Subject: match protocol http [ url vs mime ]
> > > >
> > > > Hi guys,
> > > >
> > > > I need some help figuring out when to use the "mime" parameter when
> > > matching
> > > > traffic.
> > > >
> > > > For example, if I want to apply a policy which filters or restricts
> > > traffic
> > > > that contains jpeg files which config should I use?
> > > >
> > > > class-map jpeg
> > > >   match protocol http url "*.jpeg"
> > > >
> > > > or
> > > >
> > > >   match protocol http mime "*.jpeg"
> > > >
> > > >
> > > > Also, can regular expressions be used within the quote marks?
> > > >
> > > > For example, is this OK?
> > > >
> > > > match prot http mime "*.jpeg | *.jpg | *.mpeg"
> > > >
> > > >
> > > > Any insight or help is greatly appreciated.
> > > >
> > > > TIA, Tim
> > > >
> > > >
> _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
_______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
_______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html