I think, creating sub sigs - one of http tunneling and other for regex is the only way. May be others can suggest, if there is any other way. I raised the same question in this forum earlier and it seems, it is the only way.
Why are you referring to service http engine. I don't think we can use it here because detecting http tunneling is also required. With regards Kings On Wed, Mar 2, 2011 at 7:21 PM, Pemasiri Devanarayana <[email protected]>wrote: > Hi Kings, > > I tried configuring it, since we cant have Msg Body Pattern and Define Web > Traffic Policy in the same sign under sig engine, I have created > sub-signature with service http and add the patter under regex.. > > Question.. > - is that fulfill my requirement and is there any other solution. > -during the exam can we create signature with sub-sig such situation..? > > Here is my requirement again... > when configuring customs signature...and asked that signature should > protect tunneling over http (such as P2P or instant messaging), do we need > to configure any additional configuration apart from configuring service > http type engine matching any patern (using regex) and service-port 80.. > because still I'm confused how does protect tunneling over http for > P2P/instant messaging etc. and also I want to match any pattern (ie..bomb..) > in the url.. > > thanks > > > > On Mon, Feb 28, 2011 at 9:56 AM, Kingsley Charles < > [email protected]> wrote: > >> Never tried but I guess Msg Body Pattern should do it. Please lab it out. >> >> With regards >> Kings >> >> >> On Sun, Feb 27, 2011 at 10:04 PM, Pemasiri Devanarayana < >> [email protected]> wrote: >> >>> Hi Kings, >>> >>> I just need add something more on this question.. if the same signature >>> want to match any pattern in the url (ie.Bomb) where are we write the >>> pattern...? >>> >>> thanks. >>> >>> >>> 3) when configuring customs signature...and asked that signature should >>>> protect tunneling over http (such as P2P or instant messaging), do we need >>>> to configure any additional configuration apart from configuring service >>>> http type engine matching any patern (using regex) and service-port 80.. >>>> because still I'm confused how does protect tunneling over http for >>>> P2P/instant messaging etc. >>>> >>> >>> You should use HTTP AIC engine for this. Create AIC HTTP sig and select >>> sig type "Define Web Traffic Policy. Then enable "Alarm in non=HTTP Traffic" >>> >>> >>> On Thu, Feb 24, 2011 at 7:49 PM, Pemasiri Devanarayana < >>> [email protected]> wrote: >>> >>>> Thanks a lot King for you time on responding this and clarifying them... >>>> I will check them and get back to you if any further doubts.. :) >>>> >>>> >>>> On Thu, Feb 24, 2011 at 4:53 AM, Kingsley Charles < >>>> [email protected]> wrote: >>>> >>>>> Comments inline...... >>>>> >>>>> With regards >>>>> Kings >>>>> >>>>> On Thu, Feb 24, 2011 at 12:09 AM, Pemasiri Devanarayana < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> I would appreciate the correct solutions (as expected in the lab >>>>>> grading) for below points on various sections of the labs. >>>>>> >>>>>> 1) if a question asked to authenticate and authorized on particular >>>>>> telnet connection ie line 1 & 3 and not to authtenticate on line say 5, >>>>>> will >>>>>> the following solution is correct (assumed we have already configured >>>>>> aaa) >>>>>> >>>>> >>>>> I guess configuring "transport input telnet" would be required for >>>>> line 1 and 3. But lIne 1 is aux 0.actually. >>>>> >>>>>> >>>>>> line vty 1 (or 3) >>>>>> login authentication xxxx (aaa method) >>>>>> authorization exec xxxx >>>>>> authorization command xx xxxx >>>>>> ! >>>>>> line vty 5 >>>>>> login authentication yyyy (aaa method, none) >>>>>> >>>>>> 2) when configuring IP NBAR do we need to add the following command in >>>>>> addition service-police under the interface. >>>>>> interface x/x >>>>>> ip nbar protocol-discovery >>>>>> service-policy input <pm-name> >>>>>> >>>>>> ip nbar protocol-discovery is not required >>>>> >>>>> >>>>> >>>>> >>>>>> 3) when configuring customs signature...and asked that signature >>>>>> should protect tunneling over http (such as P2P or instant messaging), >>>>>> do we >>>>>> need to configure any additional configuration apart from configuring >>>>>> service http type engine matching any patern (using regex) and >>>>>> service-port >>>>>> 80.. because still I'm confused how does protect tunneling over http for >>>>>> P2P/instant messaging etc. >>>>>> >>>>> >>>>> You should use HTTP AIC engine for this. Create AIC HTTP sig and select >>>>> sig type "Define Web Traffic Policy. Then enable "Alarm in non=HTTP >>>>> Traffic". >>>>> >>>>> >>>>>> >>>>>> Thanks in advance... >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
