A task is worded like "do not allow .badhost.com to be accessed through the firewall" . I have come across two solutions. Are they both correct ? If yes, which should we prefer in the lab ?
Method 1: using regex matching header host ------------ parameter-map type regex PRMregexbadhost pattern badhost\.com class-map type inspect match-all CMout match protocol http class-map type inspect http match-all CM7http match request header host regex PRMregexbadhost policy-map type inspect http PM7http class type inspect http CM7http reset policy-map type inspect PMout class type inspect CMout inspect service-policy http PM7http ======================================================================= Method 2": usinf urlfilter ------------ parameter-map type urlfilter PRMurlfilter exclusive-domain deny .badhost.com class-map type inspect match-all CMout match protocol http policy-map type inspect PMout2 class type inspect CMout inspect urlfilter PRMurlfilter Regards, Karthik
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
