URL Filtering

pons_freebsd
Level 1

My LAN office is connected to the internet through:

LAN---PIX----(Ethernet)Router(Serial)---Internet

My router config is (X, Y, Z, W are all real IPs):

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no aaa new-model
ip subnet-zero
ip cef
ip domain name my.dom
ip name-server X1.Y1.Z.W1
ip name-server X2.Y2.Z2.W2
ip ips po max-events 100
no ftp-server write-enable
!
interface Serial0/0
 ip address X.X.X.X 255.255.255.252
!
interface FastEthernet0/1
 ip address Y.Y.Y.Y 255.255.255.240
 ip access-group IDS_FastEthernet0/1_out_0 out
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 Z.Z.Z.Z
!
ip http server
no ip http secure-server
!
ip access-list extended IDS_FastEthernet0/1_out_0
 permit ip host 10.6.100.250 any
 permit ip any any

I want to apply URL filtering on my router. I am thinking of applying the following to my router; would that be correct, or am I far off?

class-map match-any http-hacks
 match protocol http url "*default.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*admin.dll*"
!
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
interface serial 0/0
 service-policy input mark-inbound-http-hacks
!
access-list 105 deny ip any any dscp 1
access-list 105 permit ip any any
!
interface ethernet 0/1
 ip access-group 105 out

11 Replies

Vivek Santuka
Cisco Employee

Hi,

The config you have in mind is good enough to filter out the mentioned URLs.

This should work well.

Regards,

Vivek

If I want to block YouTube or video streaming through my router, how would you do that?

Or give it less priority....

In a class-map add :-

 match protocol http url "*youtube.com*"

Now you can either drop it using a policy map as in the previous config or police the rate in the policy-map and apply it to the interface.

I am thinking of configuring Cisco NBAR on my Internet router (37xx).

In the meantime I am aware that 90% of the traffic from the Internet to my LAN, besides IP routing, is HTTP, and as you know a lot of other protocols are embedded into HTTP.

Now my goal is not to block streaming and P2P, but to limit the rate of bandwidth usage for those protocols, for example (FTP, YouTube, Yahoo media, internet music radio, P2P, torrent, eDonkey, Skype, Gnutella, Skype, WinMX, Kazaa, eMule, Napster, etc.).

Is there any sample configuration that could do that for me?

Hi,

This should help :-

class-map match-any webt
 match protocol http url "*youtube.com*"
!
policy-map test
 class webt
  police rate percent 10
   conform-action transmit
   exceed-action drop
!
interface fa0/1
 service-policy input test

The police option can be changed as needed. Also, more URLs to match can be added to the class map defined.

>interface fa0/1
>service-policy input test

should not be on the serial interface.

That was just an example.

Where you apply it depends on your network. If your traffic is coming in through a serial interface then you would apply it there.

Flr1-Router-internet(config-if)#service-policy input mark-http-limits
Policy map mark-inbound-http-hacks is already attached

Why can't I add another service policy to the interface, and how can I resolve this issue regarding my above configuration?

There can only be one policy in each direction per interface.

You will have to modify your existing policy as per requirement (like with access-lists).
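One way to merge the two policies this thread ends up with into the single inbound service-policy that IOS allows, written here as an added example and not as Vivek's or Cisco's configuration: one policy-map on Serial0/0 carries the http-hacks class (marked with DSCP 1 and then dropped by the egress ACL, exactly as in the first post), the youtube.com class (policed), and a third class built from NBAR protocol names for the bulk and P2P traffic the later question lists. The policer uses the `police cir percent` form, which exists from 12.2(13)T; the NBAR protocol names, the class and policy-map names, and the percentages are assumptions to confirm against the installed image with `match protocol ?`. Because FastEthernet0/1 already carries one outbound access-group, the `dscp 1` deny is written into that existing named ACL rather than into a second list, which the interface would refuse for the same one-per-direction reason.

```ios
! Added example: single inbound policy on the Internet-facing interface.
! Assumed names: webt, p2p-and-bulk, inet-in. NBAR protocol names below
! are assumed to exist on the 12.3 image; verify with "match protocol ?".
class-map match-any http-hacks
 match protocol http url "*default.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*admin.dll*"
!
class-map match-any webt
 match protocol http url "*youtube.com*"
!
class-map match-any p2p-and-bulk
 match protocol ftp
 match protocol edonkey
 match protocol gnutella
 match protocol kazaa2
 match protocol bittorrent
 match protocol winmx
!
! One policy-map with all three classes; class-default is left untouched
! so ordinary traffic is neither marked nor policed.
policy-map inet-in
 class http-hacks
  set ip dscp 1
 class webt
  police cir percent 10
   conform-action transmit
   exceed-action drop
 class p2p-and-bulk
  police cir percent 20
   conform-action transmit
   exceed-action drop
!
interface Serial0/0
 ! protocol-discovery lets "show ip nbar protocol-discovery" confirm
 ! what NBAR actually sees before any policing is trusted
 ip nbar protocol-discovery
 service-policy input inet-in
!
! Extend the ACL already applied outbound on FastEthernet0/1 instead of
! adding a second access-group; the dscp deny must precede the final permit.
ip access-list extended IDS_FastEthernet0/1_out_0
 deny ip any any dscp 1
 permit ip host 10.6.100.250 any
 permit ip any any
```

After attaching it, `show policy-map interface Serial0/0` shows per-class packet and policer counters; a class that stays at zero while the traffic is clearly present usually means the NBAR protocol name or the URL wildcard did not match what the image classifies, which is the first thing to check before raising or lowering the percentages.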

Can you tell me how it should look regarding my config?

My LAN office is connected to the internet through:

LAN---PIX----(Ethernet)Router(Serial)---Internet

My router config is (X, Y, Z, W are all real IPs):

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no aaa new-model
ip subnet-zero
ip cef
ip domain name my.dom
ip name-server X1.Y1.Z.W1
ip name-server X2.Y2.Z2.W2
ip ips po max-events 100
no ftp-server write-enable
!
interface Serial0/0
 ip address X.X.X.X 255.255.255.252
!
interface FastEthernet0/1
 ip address Y.Y.Y.Y 255.255.255.240
 ip access-group IDS_FastEthernet0/1_out_0 out
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 Z.Z.Z.Z
!
ip http server
no ip http secure-server
!
ip access-list extended IDS_FastEthernet0/1_out_0
 permit ip host 10.6.100.250 any
 permit ip any any

I want to apply URL filtering on my router. I am thinking of applying the following to my router; would that be correct, or am I far off?

class-map match-any http-hacks
 match protocol http url "*default.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
 match protocol http url "*admin.dll*"
!
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
interface serial 0/0
 service-policy input mark-inbound-http-hacks
!
access-list 105 deny ip any any dscp 1
access-list 105 permit ip any any
!
interface ethernet 0/1
 ip access-group 105 out

It's perfect.

Will work.
