cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
marki
Iron

sk106623: "Custom Application/Site that was created to match a domain and sub-domains, is not matched by Application & URL Filtering policy"

Introductory note: Since some documents haven't been given the little love they deserve IMHO, I'm going to document my findings and proposals for improving them here, for everyone's benefit. Usually, I've tried giving feedback in said articles, but either they didn't change anything (even though they said I was correct) or they just didn't understand what I meant.

So, about sk106623:

This article is so wrong in many places.

The actual solution to the symptom is very simple and does not need regexes at all. You specify an application and put two items in it:

  • *.example.com
  • example.com

Done.

Furthermore, the regexes they are proposing are not safe: \.example\.com would also match "x.example.com.bla" or even worse "http://site.com/bla/blubb.example.com.bla/index.htm" except if there were implicit anchors that one should be aware of.

Finally, there is a note that says \.example\.com would match both "example.com" and subdomains "*.example.com" which simply is not true. \.example\.com will not match "example.com".

1 Reply
Admin
Admin

Re: sk106623: "Custom Application/Site that was created to match a domain and sub-domains, is not matched by Application & URL Filtering policy"

Definitely appreciate you sharing the findings here.

Let's tag https://community.checkpoint.com/people/rzeld8aed3bb-2b5a-3786-8ec1-61093ba6a9c8‌ so he can update the SK Smiley Happy

0 Kudos