Hi,
The second method uses URL Filtering service. If this is not mentioned in the
task, you should know which method to exclude.
Regards,
Piotr
From: Karthik sagar
Sent: Thursday, August 09, 2012 8:11 PM
To: ccie security
Subject: [OSL | CCIE_Security] ZBF - http inspection
A task is worded like "do not allow .badhost.com to be accessed through the
firewall" . I have come across two solutions. Are they both correct ? If yes,
which should we prefer in the lab ?
Method 1: using regex matching header host
------------
parameter-map type regex PRMregexbadhost
pattern badhost\.com
class-map type inspect match-all CMout
match protocol http
class-map type inspect http match-all CM7http
match request header host regex PRMregexbadhost
policy-map type inspect http PM7http
class type inspect http CM7http
reset
policy-map type inspect PMout
class type inspect CMout
inspect
service-policy http PM7http
=======================================================================
Method 2": usinf urlfilter
------------
parameter-map type urlfilter PRMurlfilter
exclusive-domain deny .badhost.com
class-map type inspect match-all CMout
match protocol http
policy-map type inspect PMout2
class type inspect CMout
inspect
urlfilter PRMurlfilter
Regards,
Karthik
--------------------------------------------------------------------------------
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
