We are using NBAR to match on and subsequently filter certain URLs and P2P traffic at a few customer sites. I understand that this is a substandard way to police user traffic in light of other content filtering options, and if this proves unreliable then I will definitely look at those other options.
We're matching URLs with a very basic class map:
Class Map match-any url_list
  Match protocol http host "*youtube*"
  Match protocol http host "*myspace*"
  Match protocol http host "*facebook*"
  Match protocol http host "*video.google*"
This is being applied to inbound traffic on the LAN interface(s) and the traffic is being filtered fine. The issue we are running into is that other html traffic is matching and being filtered as well.
We are also filtering P2P applications with the following class map:
Class Map match-any p2p_list
  Match protocol bittorrent
  Match protocol directconnect
  Match protocol fasttrack
  Match protocol edonkey
  Match protocol gnutella
  Match protocol winmx
  Match protocol kazaa2
  Match protocol socks
This is applied ingress on the LAN interface and ingress on the WAN. On one of our sites the ingress LAN application is filtering out POP3 traffic.
I really appreciate everyone's time and help.
Routers used: 3745 with 12.4(15)T7 & 871 with 12.4(20)T1