GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: Application filtering - URL Filtering posted 01/19/2007
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Hello Raj,



As you know, url differs from hosts



So If I do:



match protocol http host "www.cisco.com" ~~~~~~~~~~ this is different to
if I say match protocol http url "/root.exe"

One deals with the source, the other deals with a web directory/file
within the source



Before I get too boring, you'll have to include the frontslash "/" after
the main domain. I prefer using the star character "*" though, this will
match anything before the specified strings.



Like I said, I will be better off doing match protocol http url
"*root.exe*" instead,



However, the following will match "http://www.cisco.com/root.exe";

match protocol http host "www.cisco.com"   <---------------- That
matches the host/domain

match protocol http url "/root.exe"                <----------------
That matches the directory/file specified



will you be using class-map match-any or class-map match-all?



If match-any, all url directories and files on host www.cisco.com will
be matched anyway, since they're all coming from same host and it's the
first match line

If match-all, then only /root.exe from www.cisco.com host will be
matched



Another Example:- if I want to match the home page of the Universal CD:
http://www.cisco.com/univercd/home/home.htm

match protocol http host "www.cisco.com"

match protocol http url "/univercd/home/home.htm"

This will match the homepage directly



OR Simply

match protocol http host "www.cisco.com"

match protocol http url "*home.htm"



Hope this helps



Many Thanks

_________________________________________________

Olayemi Salau

Network Analyst

I.T. Solutions Division

Southampton City Council

* 023 8083 4070   7  077 8811 2036 3 079 5825 7509

* olayemi.salau@xxxxxxxxxxxxxxxxxx
<mailto:olayemi.salau@xxxxxxxxxxxxxxxxxx>

_________________________________________________

This e-mail is intended for the addressee only. If you are not the
intended recipient, please be aware that the unauthorised use or
disclosure of the information it contains, or the unauthorised copying
or re-transmission of the e-mail are strictly prohibited. Such action
may result in legal proceedings. If the e-mail has been sent to you in
error, please accept our apologies, advise the sender as soon as
possible and then delete the message. Under the Freedom of Information
Act 2000 / Data Protection Act 1998, the contents of this e-mail,
whether it is marked confidential or otherwise, may be disclosed. No
employee, Councillor or agent is authorised to conclude by e-mail any
binding agreement with another party on behalf of Southampton City
Council. The Council does not accept service by e-mail of court
proceedings, other processes or formal notices of any kind without
specific prior written agreement. E-mails to and from Southampton City
Council may be monitored in accordance with the law

  _____

From: Raj Bansal [mailto:ccie_study06@xxxxxxxxx]
Sent: 19 January 2007 02:40
To: Salau,Olayemi; deji500@xxxxxxxxxxx; Cisco certification
Subject: RE: Application filtering - URL Filtering



if its match protocol url, do you match after the hostname and the first
"/" after the hostname or the entire url starting from http:// onwards?

so if its match protocol url "root.exe",  and you are matching against
www.cisco.com/root.exe,

will it match if its
match protocol url "root.exe".
According to you, it won't match.

now what if i add
match protocol host "www.cisco.com"
match protocol url "root.exe".
will this match?


Thanks.

Raj

"Salau,Olayemi" <Olayemi.Salau@xxxxxxxxxxxxxxxxxx> wrote:

Hello Deji



match protocol http url "*root.exe*"

means anything can be before root.exe and anything can be after it.
Literally, anything that has got root.exe in it.

Eg. www.apple.com/ipod/root.exe?$t=vgc&$g=mobitel

So it's like the first star character represents anything
"www.apple.com/ipod/" in this case and the other star character
represents anything "?$t=vgc&$g=mobitel" in this case.


Also * character could mean zero occurence



match protocol http url "root.exe"

matches exactly root.exe in the url, so something like
www.cisco.com/root.exe will be invalid because it's got xters before the
root.exe



match protocol http url "webapp/*"

Similarly, this would me, anything that starts with webapp/ with
anything behind. Since * represents zero or any occurrence of
characters, webapp/ would be fine or
webapp/default/gateway.html?$r=bluemoon is also valid.



match protocol htpp url "*webapp*"

This would mean anything infront of webapp (includes zero occurrence
also) and anything behind webapp (includes zero occurrence also). So
http://www.cisco.com/webapp/mean/ccie.html ; also something like webapp/
would be just fine has well

Note that *webapp* will match something like webapp/ since "/" is like
anything behind webapp, but webapp/* will not match webapp2. Hope you
understand



Option

Description

*

Match any zero or more characters in this position.

?

Match any one character in this position.

|

Match one of a choice of characters.

(|)

Match one of a choice of characters in a range. For example cisco.(gif |
jpg) matches either cisco.gif or cisco.jpg.

[ ]

Match any character in the range specified, or one of the special
characters. For example, [0-9] is all of the digits. [*] is the "*"
character and [[] is the "[" character.





Hope this helps, for more information Check the reference below:-

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hq
os_r/qos_m1h.htm#wp1128712





Many Thanks

_________________________________________________

Olayemi Salau

Network Analyst

I.T. Solutions Division

Southampton City Council

( 023 8083 4070 7 077 8811 2036 3 079 5825 7509

* olayemi.salau@xxxxxxxxxxxxxxxxxx

_________________________________________________

This e-mail is intended for the addressee only. If you are not the
intended recipient, please be aware that the unauthorised use or
disclosure of the information it contains, or the unauthorised copying
or re-transmission of the e-mail are strictly prohibited. Such action
may result in legal proceedings. If the e-mail has been sent to you in
error, please accept our apologies, advise the sender as soon as
possible and then delete the message. Under the Freedom of Information
Act 2000 / Data Protection Act 1998, the contents of this e-mail,
whether it is marked confidential or otherwise, may be disclosed. No
employee, Councillor or agent is authorised to conclude by e-mail any
binding agreement with another party on behalf of Southampton City
Council. The Council does not accept service by e-mail of court
proceedings, other processes or formal notices of any kind without
specific prior written agreement. E-mails to and from Southampton City
Council may be monitored in accordance with the law

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
deji500@xxxxxxxxxxx
Sent: 18 January 2007 00:27
To: ccielab@xxxxxxxxxxxxxx
Subject: Application filtering - URL Filtering



Hi



I want to know if there is a difference between hte following match
statements -



1

match protocol http url "*root.exe*"

match protocol http url "root.exe"



2.

match protocol http url "webapp/*"

match protocol htpp url "*webapp*



I have been confused about these for sometime now and would like any
clear distinction from anyone who understands the subject very well. I
have read a few book but the syntax has been different in most of them
and I just want to know if they are indeed the same or different.



Thanks for your interest and input.



_______________________________________________________________________

Subscription information may be found at:

http://www.groupstudy.com/list/CCIELab.html

_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html





  _____

Need Mail bonding?
Go to the Yahoo! Mail Q&A
<http://answers.yahoo.com/dir/index;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTE
wOARfcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx?link=ask&s
id=396546091>  for great tips from Yahoo! Answers
<http://answers.yahoo.com/dir/index;_ylc=X3oDMTFvbGNhMGE3BF9TAzM5NjU0NTE
wOARfcwMzOTY1NDUxMDMEc2VjA21haWxfdGFnbGluZQRzbGsDbWFpbF90YWcx?link=ask&s
id=396546091>  users.