topic http filter use QOS in Network Security

http filter use QOS

flowaycco — Mon, 11 Mar 2019 18:10:16 GMT

Hi,all:

my config like this:

Class Map match-all 1 (id 3)

Match protocol dns

Class Map match-all 2 (id 4)

Match protocol http host "*cisco.com*"

Class Map match-all 3 (id 5)

Match not class-map 1

Match not class-map 2

Policy Map 1

Class 1

Class 2

Class 3

drop

I want deny all web access except to cisco.com

If i not use "drop" command in class 3,i can see packets match stats in class 2 when i use command "show policy-map interface";but if i use "drop" command in class 3,all http packets will be droped,i can't access the cisco.com,and there is any packets match stats in class 2,but class 1 and class 3's match stats grow up correct,i try some other way for class 3,like:

class 3

match class class-default

class 3

match any

class 3

match access-group xxx

but all fail,the router drop all http packets as long as "drop" command be used in class3.

please help me,thx

Re: http filter use QOS

Nagaraja Thanthry — Mon, 12 Jul 2010 13:03:18 GMT

Hello,

If you looking to block all web access except ciso.com site, then you need to use REGEX. Here is a document that could be helpful.

https://supportforums.cisco.com/docs/DOC-1268;jsessionid=04C0678692F3EDA69D5921326AEC1195.node0

Hope this helps.

Regards.

Re: http filter use QOS

flowaycco — Mon, 12 Jul 2010 13:21:42 GMT

Thx very much!

But my equipment is 2921 router,not firewell,and only ip base ios,so i must use qos to do this only.:(