Tyson, you introduce a good point to the discussion. So, if I'm matching protocol http with whatever string following, and then I later use port-map to add tcp port 8080 along with regular tcp 80, will the http matching be done for traffic to both ports or only to tcp port 80?

If I read the NBAR topic right, it did say that NBAR works with statically defined TCP and UDP ports. So should I assume that the matching would be done on tcp port 8080 too in the traffic flow?

On Wed, May 11, 2011 at 11:13 PM, Kingsley Charles <[email protected]> wrote:

> Hi Tyson
>
> When matching URLs with match protocol http, I don't think we can use
> regex; rather, it's just strings. The following matches the "Code Red" worm.
> Please let me know your thoughts.
>
> Router(config)#class-map match-any codered
> Router(config-cmap)#match protocol http url "*.ida*"
> Router(config-cmap)#match protocol http url "*cmd.exe*"
> Router(config-cmap)#match protocol http url "*root.exe*"
> Router(config-cmap)#match protocol http url "*readme.eml*"
>
> With regards
> Kings
>
> On Thu, May 12, 2011 at 6:34 AM, Tyson Scott <[email protected]> wrote:
>
>> This is not the same as the port-map features. (I wish the feature said
>> URI matching because that is really what it is doing)
>>
>> What is given below is a regular expression. It just happens to be an
>> exact match.
>>
>> Regards,
>>
>> Tyson Scott - CCIE #13513 R&S, Security, and SP
>> Managing Partner / Sr. Instructor - IPexpert, Inc.
>>
>> From: [email protected] [mailto:[email protected]] On Behalf Of Bruno
>> Sent: Wednesday, May 11, 2011 6:16 PM
>> To: Mark Senteza
>> Cc: [email protected]
>> Subject: Re: [OSL | CCIE_Security] HTTP Classification using NBAR
>>
>> Hmm, seems to be what you said but not sure though
>>
>> On Wed, May 11, 2011 at 6:57 PM, Mark Senteza <[email protected]> wrote:
>>
>> A question about HTTP URL pattern matching. The Cisco Docs give an example
>> to match www.cisco.com/latest/whatsnew.html, using the match statement
>> below:
>>
>> match protocol http url /latest/whatsnew.htm
>>
>> I've previously used regex strings for pattern matching. Under the
>> class-map configuration, the syntax displayed to match HTTP URLs shows the
>> following:
>>
>> CCIELAB-Router-R1(config-cmap)#match protocol http url ?
>>   WORD  Enter a string as the sub-protocol parameter
>>
>> Does this mean that I don't necessarily have to enter the string I want to
>> match as a regex and I can just enter the URL portion that follows
>> www.hostname.domain as displayed in the above Cisco Docs example?
>>
>> Mark
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>> --
>> Bruno Fagioli (by Jaunty Jackalope)
>> Cisco Security Professional
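An added example, not part of the thread and not Cisco's implementation: a Python sketch that applies the four `codered` URL strings from the class-map quoted above to constructed request URLs with match-any semantics, so the breadth of each string can be checked offline. It assumes `*` matches any run of characters, that matching ignores case, and that the string is compared against the path plus query string; the function names are hypothetical.

```python
"""Offline check of the thread's 'codered' URL strings against sample URLs.

Assumptions (not from the thread): '*' matches any run of characters,
matching ignores case, and the pattern sees the path plus query string.
"""
import re

# The four URL strings from the class-map in the thread.
CODERED_PATTERNS = ["*.ida*", "*cmd.exe*", "*root.exe*", "*readme.eml*"]


def glob_to_regex(pattern):
    """Translate a '*'-only wildcard string into an anchored regex."""
    parts = (re.escape(p) for p in pattern.split("*"))
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE | re.DOTALL)


COMPILED = [(p, glob_to_regex(p)) for p in CODERED_PATTERNS]


def classify(url):
    """Return the first matching pattern (match-any semantics) or None."""
    for pattern, regex in COMPILED:
        if regex.match(url):
            return pattern
    return None


def summarize(urls):
    """Map each URL to the pattern that classified it, or None."""
    return {url: classify(url) for url in urls}


# Constructed sample request URLs, not captured traffic.
SAMPLE_URLS = [
    "/default.ida?NNNNNNNN",
    "/scripts/root.exe?a=b",
    "/c/winnt/system32/CMD.EXE?a=b",
    "/readme.eml",
    "/latest/whatsnew.html",
    "/docs/idaho.html",         # no literal ".ida", so no match
    "/files/report.idaho.pdf",  # benign URL that "*.ida*" still catches
]

if __name__ == "__main__":
    for url, hit in summarize(SAMPLE_URLS).items():
        print(f"{url:35} -> {hit or 'no match'}")
```

The last sample shows why the leading and trailing `*` make these strings substring matches: any URL containing `.ida` is classified, not only requests for `.ida` files.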
