topic Re: Custom Application Site Wildcard in Firewall and Security Management

Custom Application Site Wildcard

NeilDavey — Wed, 11 May 2022 07:13:20 GMT

I am needing to create some Applications/Sites on Check Point for some websites:

*.cisco.com

*.okta.com

And I want the site to end at the .com part. ie I don't want this to happen:

bad.okta.com.hacker.org

Would I create a new Application/Site like this this example:

\.example\.com

\.cisco\.com

\.okta\.com

And would I also need to tick the box "URLs are defined as Regular Expression"?

Thanks

Re: Custom Application Site Wildcard

Wolfgang — Wed, 11 May 2022 08:19:06 GMT

See the documentation Custom Application Options

"*.okta.com" does not match "bad.okta.com.hacker.org" but match "subdomain.okta.com"

And yes, if you want more granular control you have to use regular expressions.

Re: Custom Application Site Wildcard

NeilDavey — Wed, 11 May 2022 09:33:22 GMT

Thanks Wolfgang.

So you would suggest this would be correct to allow a subdomain which ends at the .com?

Re: Custom Application Site Wildcard

Bob_Zimmerman — Wed, 11 May 2022 14:58:14 GMT

In past versions, "*.okta.com" would have matched hacker.org/fake.okta.com. This bit me pretty badly when trying to move from another web filtering box to Check Point's URL Filtering. We blocked *.ar, and it caught some site's /path/to/shared/resources/16x16.left.arrow.png or whatever the path was. I haven't tried using non-regular expressions since R80.20, so it may have changed in a more recent version.

I ended up having to anchor to the slash:

^https?://([^/\.]\.)*okta.com/

That matches any number of subdomains (including zero subdomains) then anchors the TLD to the slash which separates the domain name from the path in a URL.

Re: Custom Application Site Wildcard

Wolfgang — Thu, 12 May 2022 08:59:36 GMT

simple answer, YES