Shulou(Shulou.com)06/01 Report--

1. Create a class-map to identify transport traffic

Config: access-list tcp_filter1 permit tcp 192.168.1.0 255.255.255.0 any eq www

Class-map tcp_filter_class1

Config-cmap: match access-list tcp_filter1 # # class-map defines allowed traffic

Exit

/ / define a policy expression named url1, indicating that the URL suffix is ".games.com"

Config: regex url1 "\ .girls\ .com"

/ / create a class-map with the name url_class1 and the type regex

Config: class-map type regex match-any url_class1

| |

| | it matches any one of them. |

Config-map: match regex url1

Exit

/ / create a class-map named http_url_class1 with a type of inspect http (check http traffic)

Config:class-map type inspect http http_url_class1

Config-cmap: match request header host regex class url_class1

2 create policy-map and associate class-map

Config:policy-map type inspect http http_url_policy1

Config-pmap: class http_url_class1 # # calls the previously created class-map

Config-pmap-c: drop-connection log # # drop packet and close the connection and send Syslog

Exit

Exit

Config: policy-map inside_http_url_policy

Config-pmap: class tcp_filter-class1 # # calls the previously created class-map

Config-pmap-c:inspect http http_url_policy1 # # check http traffic

Exit

Exit

3 apply policy-map to the interface

Config: service-policy inside_http_url_policy1 interface inside

Note: only one policy-map can be applied to an interface

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.