08-04-2008 07:27 PM - edited 03-06-2019 12:36 AM
i m trying to block the youtube on my network. I have confiugred the following things on my internet router.
class-map match-any youtube
match protocol http url "*youtube*"
!
!
policy-map p2p
class youtube
drop
interface GigabitEthernet0/1
ip nbar protocol-discovery
service-policy input p2p.
But still users are able to open youtube.
I m gettin hitcount on policy but unable to drop the youtube traffic.
Class-map: youtube (match-any)
1736 packets, 1044139 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*youtube*"
1736 packets, 1044139 bytes
5 minute rate 0 bps
drop
Solved! Go to Solution.
08-04-2008 08:32 PM
again look at this
When specifying a URL for classification, include only the portion of the URL that follows the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html
so "cisco" as "youtube" in ur case
compair and try upon the rules and file
and should work
please, if helpful Rate
good luck
08-04-2008 09:00 PM
Its been a while for me to have run into this. Let me take a stab at it.
Can you try the following instead of wildcard mask that you have used:
match protocol http host *youtube.com
! This would match anything in youtube.com like http://www.youtube.com or http://video.youtube.com
08-04-2008 07:46 PM
When specifying a URL for classification, include only the portion of the URL that follows the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html
Within NBAR, the match protocol http c-header-field command is used to specify that NBAR identify request messages (the "c" in the c-header-field portion of the command is for client). The match protocol http s-header-field command is used to specify response messages (the "s" in the s-header-field portion of the command is for server).
Examples
In the following example, any request message that contains "somebody@cisco.com" in the User-Agent, Referer, or From fields will be classified by NBAR. Typically, a term with a format similar to "somebody@cisco.com" would be found in the From header field of the HTTP request message.
match protocol http c-header-field "somebody@cisco.com"
In the following example, any request message that contains "http://www.cisco.com/routers" in the User-Agent, Referer, or From fields will be classified by NBAR. Typically, a term with a format similar to "http://www.cisco.com/routers" would be found in the Referer header field of the HTTP request message.
match protocol http c-header-field "http://www.cisco.com/routers"
and the source is as follow
http://www.cisco.com/en/US/docs/ios/12_4t/qos/configuration/guide/qsnbar1.html#wp1055866
please, Rate if helpful
and good luck
08-04-2008 08:27 PM
thanks for the excellent explaination, but my question is that, why i m not able to block the desired keyword.
Nbar is enable on interface. particular keywrod exist in the the url. but still it is not working. what i m missing.
08-04-2008 08:32 PM
again look at this
When specifying a URL for classification, include only the portion of the URL that follows the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html
so "cisco" as "youtube" in ur case
compair and try upon the rules and file
and should work
please, if helpful Rate
good luck
08-04-2008 09:00 PM
Its been a while for me to have run into this. Let me take a stab at it.
Can you try the following instead of wildcard mask that you have used:
match protocol http host *youtube.com
! This would match anything in youtube.com like http://www.youtube.com or http://video.youtube.com
09-02-2008 06:57 AM
Hi..I have done same thing as:
class-map match-all test
match protocol http url "youtube"
!
!
policy-map test
class test
set ip dscp default
enable ip nbar protocol-discovery on Fa5/1/1
following are access-list applied on fa5/1/1
40 deny ip any any dscp default (105222matches)
50 permit ip any any log (868 matches)
But it blocks all the site not even youtube.I am unable to open any site like yahoo,google,rediff etc.
Please tell me..
08-04-2008 09:28 PM
Also, the one that you have :
match protocol http url "*youtube*"
would also match www.my-web-site.com/youtube.html which you dont want to do.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: