1. Create a class-map to identify transmission traffic
Config: access-list tcp_filter1 permit tcp 192.168.1.0 255.255.0 any eq www
Class-map tcp_filter_class1
Config-cmap: match access-list tcp_filter1 # class-map defines the allowed traffic
Exit
// Define a policy expression named url1, indicating that the URL suffix is ".games.com"
Config: regex url1 "\. games \. com"
// Create a class-map named url_class1 with the regex type
Config: class-map type regex match-any url_class1
|
| Match any
Config-map: match regex url1
Exit
// Create a class-map named http_url_class1 with the type of inspect http to check http traffic)
Config: class-map type inspect http http_url_class1
Config-cmap: match request header host regex class url_class1
2. Create policy-map and associate it with class-map.
Config: policy-map type inspect http http_url_policy1
Config-pmap: class http_url_class1 # Call the previously created class-map
Config-pmap-c: drop-connection log # drop data packets, close the connection, and send system logs
Exit
Exit
Config: policy-map inside_http_url_policy
Config-pmap: class tcp_filter-class1 # Call the previously created class-map
Config-pmap-c: inspect http http_url_policy1 # Check http traffic
Exit
Exit
3. Apply policy-map to the interface.
Config: service-policy inside_http_url_policy1 interface inside
Note: Only one policy-map can be applied to an interface.
This article from "I Am a rookie I am afraid of who" blog, please be sure to keep this source http://jialeide.blog.51cto.com/5597512/1304588
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
