Use NBAR to rate-limit inbound HTTP download traffic: any downloaded image in GIF format is limited to 50 kbps. Also block the Code Red and Nimda worms.
R1
conf t
int s2/0
 ip address 10.1.1.1 255.255.255.0
 no shut
exit
! Images: any HTTP request whose URL ends in .gif
class-map PHOTO
 match protocol http url "*.gif"
exit
! Worm signatures: a request only needs to hit ANY ONE of these URL patterns,
! so the class must be match-any (the default match-all would require a single
! request to satisfy all four patterns at once and would never drop anything)
class-map match-any VIRUS
 match protocol http url "cmd.exe"
 match protocol http url "*.ida"
 match protocol http url "root.exe"
 match protocol http url "readme.eml*"
exit
policy-map NBAR
 class PHOTO
  ! CIR 50000 bps = 50 kbps; traffic above the CIR is dropped
  police 50000 conform-action transmit exceed-action drop
 class VIRUS
  drop
exit
int s2/0
 service-policy input NBAR
end
Verification
R1#sh policy-map int s2/0
Serial2/0
Service-policy input: NBAR
Class-map: PHOTO (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*.gif"
police:
cir 50000 bps, bc 1562 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: VIRUS (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http url "cmd.exe"
Match: protocol http url "*.ida"
Match: protocol http url "root.exe"
Match: protocol http url "readme.eml*"
drop
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
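To keep an eye on these counters over time (worm-URL hits in the VIRUS class, policer drops in the PHOTO class, and the match-all pitfall), here is an added Python parser for `show policy-map interface` output. It is example code, not part of the original post; its sample input is constructed to resemble the verification output above, with non-zero PHOTO counters so the checks have something to report.

```python
import re

# Constructed sample (not captured from a router), modelled on the page's
# "show policy-map interface" output but with non-zero PHOTO counters.
SAMPLE = """\
 Service-policy input: NBAR
  Class-map: PHOTO (match-all)
   120 packets, 96000 bytes
   Match: protocol http url "*.gif"
   police:
    conformed 115 packets, 92000 bytes; actions:
    exceeded 5 packets, 4000 bytes; actions:
  Class-map: VIRUS (match-all)
   0 packets, 0 bytes
   Match: protocol http url "cmd.exe"
   Match: protocol http url "*.ida"
"""

CLASS_RE = re.compile(r'^\s*Class-map:\s+(\S+)\s+\((match-\w+)\)')
PKTS_RE = re.compile(r'^\s*(\d+) packets, (\d+) bytes')
POLICE_RE = re.compile(r'^\s*(conformed|exceeded) (\d+) packets, (\d+) bytes; actions:')

def parse_policy_map(text):
    """Return {class_name: counters} parsed from show policy-map interface output."""
    classes, cur = {}, None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            cur = classes.setdefault(m.group(1), {'match': m.group(2), 'matches': []})
        elif cur is None:
            continue
        elif (m := PKTS_RE.match(line)) and 'packets' not in cur:
            cur['packets'], cur['bytes'] = int(m.group(1)), int(m.group(2))
        elif m := POLICE_RE.match(line):
            cur[m.group(1)] = int(m.group(2))  # conformed / exceeded packet counts
        elif line.strip().startswith('Match:'):
            cur['matches'].append(line.split('Match:', 1)[1].strip())
    return classes

def findings(classes):
    """Operator checks: policer drops, worm-URL hits, and the match-all pitfall."""
    out = []
    for name, c in classes.items():
        if c['match'] == 'match-all' and len(c['matches']) > 1:
            out.append(f"{name}: match-all needs every URL pattern on one request; use match-any")
        if name == 'VIRUS' and c.get('packets', 0) > 0:
            out.append(f"VIRUS: {c['packets']} requests matched worm URL patterns and were dropped")
        if c.get('exceeded', 0) > 0:
            out.append(f"{name}: {c['exceeded']} packets exceeded the CIR and were dropped")
    return out
```

Feed it the real output of `show policy-map interface serial2/0` (captured via your usual SSH/syslog tooling) and alert on any non-empty findings list.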
Reposted from: https://blog.51cto.com/matthewyin/21747