Create a Post
Showing results for 
Search instead for 
Did you mean: 

Custom Application Control - Wildcard



We have a list of Whilisted URL for HTTPS bypass. The list contains about 300 URL

Since we upgrader to R80.30 or 80.40 (don't remember exactly) we have an warning message when trying to edit this list refering to SK165094

This is mainly due to the fact that this list of URL is not absed on Regex and contains * at almost each line

I've read multiple thread and SK but it's still confusing. We are using HTTPS Inspection for some networks and HTTPS Categorization for others networks. Everything is running under R80.40 T91


Is it better (in terms of performance ) to use Regex ?

If regex are used and if we want to unblock, and what are the suggested regex ?




or  without regex



Thank you

3 Replies

I've used both in the past. I also wonder if one is preferred over the other. I've usually done the later (without regex) due to simplicity and also that I do not agree with the Regex expressions that Checkpoint feels are best practice in sk165094.


The reason for that belief is because there is no termination of the expression. That is to say, if I'm only looking for in the URL or SNI, then what is stop the regex from matching on The regex expression \.example.\com will match on that domain even though it could be a bad site. 


I really think the regex should at least have a terminator on it, like \.example.\com(\/|$) which may work better on SNI hosts. That at least makes it match for what you want and either a backslash after it or nothing else. Even that is not perfect as you could still match on an HTTP URL, something like


Again, one of the reasons I still favor the non-regex version of these filters.


0 Kudos

Regarding the termination on the right side of the expression, there is a sk for that: sk174194.


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events