使用NBAR来基于应用层过滤流量 
版权声明:原创作品,谢绝转载!否则将追究法律责任。 |
 使用NBAR 对进站的HTTP 流量下载进行限速, 其中凡是下载的图象格式包括gif的,速率限制为50kbps。并防止红色代码(Code Red)和尼姆达(Nimda)蠕虫病毒
R1 conf t int s2/0 ip ad 10.1.1.1 255.255.255.0 no shut exit class-map PHOTO match protocol http url "*.gif" exit class-map VIRUS match protocol http url "cmd.exe" match protocol http url "*.ida" match protocol http url "root.exe" match protocol http url "readme.eml*" exit policy-map NBAR class PHOTO police 50000 conform-action transmit exceed-action drop class VIRUS drop exit int s 2/0 service-policy input NBAR end 校验 R1#sh policy-map int s2/0 Serial2/0 Service-policy input: NBAR
Class-map: PHOTO (match-all)
0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: protocol http url "*.gif" police: cir 50000 bps, bc 1562 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps Class-map: VIRUS (match-all)
0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: protocol http url "cmd.exe" Match: protocol http url "*.ida" Match: protocol http url "root.exe" Match: protocol http url "readme.eml*" drop Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any 本文出自 “穿过地狱去看海” 博客,谢绝转载! 本文出自 51CTO.COM技术博客 |
cj231210
博客统计信息
热门文章
最新评论
友情链接
