Well, I just did a setup of 2 routers in my office with IOS 12.4(x)T ... and just now set up a simple NBAR setting, which I posted.

FROM R1 :
========
798 bytes copied in 3.528 secs (226 bytes/sec)
R1#copy http://cisco:[email protected]/d.ida null:
%Error opening http://*****:*****@200.200.200.200/d.ida (I/O error)
R1#copy http://cisco:[email protected]/d.ida null:
%Error opening http://*****:*****@200.200.200.200/d.ida (I/O error)
R1#copy http://cisco:[email protected]/d.ida null:
%Error opening http://*****:*****@200.200.200.200/d.ida (I/O error)
R1#copy http://cisco:[email protected]/cmd.exe null:
%Error opening http://*****:*****@200.200.200.200/cmd.exe (I/O error)
R1#copy http://cisco:[email protected]/root.exe null:
%Error opening http://*****:*****@200.200.200.200/root.exe (I/O error)

R2 (NBAR configured for DROP packets in POLICY-MAP inbound
===
R2#sh policy-map interface fa0/0
 FastEthernet0/0
  Service-policy input: NBAR
    Class-map: NBAR (match-all)
      27 packets, 5556 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http url "(*\.ida|(cmd|root)\.exe)"
      drop

And the string can be checked what i wrote !!! :) it rocks ~

On Sat, Feb 5, 2011 at 3:45 PM, kamran shakil <[email protected]> wrote:
> if i have to match strings in URL , is the following correct and does the
> same:
>
> match protocol http url "(.*ida*|(cmd|root).exe)" serves the same
> purpose as below:
>
>
> class-map match-any CMAP_ATTACK
> match protocol http url "*default.ida*"
> match protocol http url "*cmd.exe*"
> match protocol http url "*root.exe*"
>
