HTTP host-based DAR configuration example
Network requirements
As shown in Figure 36, configure the router to prohibit Client from accessing the webpage http://www.abcd.com:8080/news/index.html on the Web server.
Figure 36: Network diagram
Configuration procedure
# Configure the HTTP Host as the match criterion.
<Router> system-view [Router] traffic classifier httphost [Router-classifier-httphost] if-match protocol http host www.abcd.com:8080 [Router-classifier-httphost] quit
# Configure a packet filtering behavior.
[Router] traffic behavior deny [Router-behavior-deny] filter deny [Router-behavior-deny] quit
# Configure a QoS policy.
[Router] qos policy httphost [Router-qospolicy-httphost] classifier httphost behavior deny [Router-qospolicy-httphost] quit
# Enable DAR for traffic recognition, and apply the QoS policy to the incoming traffic of Ethernet 1/1.
[Router] interface ethernet 1/1 [Router-Ethernet1/1] dar enable [Router-Ethernet1/1] qos apply policy httphost inbound
After the configurations, Client cannot access the webpage http://www.abcd.com:8080/news/index.html on Web server.
The hostname-string criterion matches the host name and port number in request packets. For example, the hostname-string in this example matches just the www.abcd.com:8080 part of the webpage at http://www.abcd.com:8080/news/index.html.
Because HTTP host match criteria are for matching request packets, make sure that you are applying the QoS policy to the direction where HTTP URL request packets are present.