Hi Tyson When matching URLs with match protocol http, I don't think, we can use regex rather it just strings. The following matches "Code Red".worm. Please let me know your thoughts.
Router(config)#*class-map match-any codered* Router(config-cmap)#*match protocol http url "*.ida*"* Router(config-cmap)#*match protocol http url "*cmd.exe*"* Router(config-cmap)#*match protocol http url "*root.exe*"* Router(config-cmap)#*match protocol http url "*readme.eml*"* With regards Kings On Thu, May 12, 2011 at 6:34 AM, Tyson Scott <[email protected]> wrote: > this is not the same as the port-map features. (I wish the feature said URI > matching because that is really what it is doing) > > > > what is given below is a regular expression. It just happens to be an > exact match. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Managing Partner / Sr. Instructor - IPexpert, Inc. > Mailto: [email protected] > Telephone: +1.810.326.1444, ext. 208 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Bruno > *Sent:* Wednesday, May 11, 2011 6:16 PM > *To:* Mark Senteza > *Cc:* [email protected] > *Subject:* Re: [OSL | CCIE_Security] HTTP Classification using NBAR > > > > Hmm, seems to be what you said but not sure though > > On Wed, May 11, 2011 at 6:57 PM, Mark Senteza <[email protected]> > wrote: > > A question about HTTP URL pattern matching. The Cisco Docs give an example > to match www.cisco.com/latest/whatsnew.html, using the *match* statement > below: > > *match protocol http url /latest/whatsnew.htm > > *I've previously used regex strings for pattern matching. Under the > class-map configuration, the syntax displayed to match HTTP URLs shows the > following: > > CCIELAB-Router-R1(config-cmap)#match protocol http url ? > WORD Enter a string as the sub-protocol parameter > > Does this mean, that I dont necessarily have to enter the string I want to > match as a regex and I can just enter the URL portion that follows > www.hostname.domain as displayed in the above CIsco Docs example ? > > Mark > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > > > -- > Bruno Fagioli (by Jaunty Jackalope) > Cisco Security Professional > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
