Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

can I sort traffic by browser?

all my network clients are configured to use a proxy server for their internet usage. I need to know who bypassed it in order to completely enforce it.

I want to see all traffic that come from the network via IE or Firefox

as step 1 I'd like to be able to see all HTTP connections going out on ports 80\443

step 2 would separate by source - IE or FF

is it doable?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: can I sort traffic by browser?

regex user-agent1 "[Mm][Oo][Zz][Ii][Ll][Ll][Aa]"

regex user-agent2 "[Mm][Ss][Ii][Ee]"

!

class-map type regex match-any mozilla

match regex user-agent1

!

class-map type regex match-any ie

match regex user-agent2

!

class-map WEB

match port tcp eq www

policy-map type inspect http mozilla

parameters

match request header user-agent regex class mozilla

log

!

policy-map type inspect http ie

parameters

match request header user-agent regex class ie

log

!

policy-map global_policy

class WEB

inspect http mozilla

!

policy-map INSIDE

class WEB

inspect http ie

!

service-policy INSIDE interface inside

!

logging list TEST message 415008

!

logging on

logging trap TEST

logging host <> x.x.x.x

!

you might want to send these messages to syslog server and 415008 is the syslog message number generated when http header is matched and logging config is to send those messages to syslog server.

!

Keep this link, it might come handy as it gives you the complete break-up of a http request. _http://djce.org.uk/dumprequest

This is not a very optimal solution but will get you started.

HTH

vikram

3 REPLIES

Re: can I sort traffic by browser?

you can match the http (not https - as it is encrypted ) traffic based on the user-agent info from the http header ( i.e.., IE or FF) and then take an action like drop/log - But not sort.

HTH

Vikram

New Member

Re: can I sort traffic by browser?

how? is it possible to export that log to any kind of data file?

Re: can I sort traffic by browser?

regex user-agent1 "[Mm][Oo][Zz][Ii][Ll][Ll][Aa]"

regex user-agent2 "[Mm][Ss][Ii][Ee]"

!

class-map type regex match-any mozilla

match regex user-agent1

!

class-map type regex match-any ie

match regex user-agent2

!

class-map WEB

match port tcp eq www

policy-map type inspect http mozilla

parameters

match request header user-agent regex class mozilla

log

!

policy-map type inspect http ie

parameters

match request header user-agent regex class ie

log

!

policy-map global_policy

class WEB

inspect http mozilla

!

policy-map INSIDE

class WEB

inspect http ie

!

service-policy INSIDE interface inside

!

logging list TEST message 415008

!

logging on

logging trap TEST

logging host <> x.x.x.x

!

you might want to send these messages to syslog server and 415008 is the syslog message number generated when http header is matched and logging config is to send those messages to syslog server.

!

Keep this link, it might come handy as it gives you the complete break-up of a http request. _http://djce.org.uk/dumprequest

This is not a very optimal solution but will get you started.

HTH

vikram

111
Views
0
Helpful
3
Replies
CreatePlease login to create content