Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nkr
Participant

URL's containing wildcards

Hi CheckMates!
(R80.40) I’m trying to create rules to access sites like:
gocart-web-prod-*.elb.amazonaws.com

sharedcloud-production*.s3.amazonaws.com

acpprodva7apollo.blob.core.windows.net/acp-prod-va7-data*

platform-cs*.adobe.io

acp-ss-*.adobe.io

ss-*-notif*.aws.adobess.com

cc-api-image.adobe.io/createagc

cc-api-image-x.adobe.io/agctosvg

platform-cs*.adobe.io

 

I have tried creating these as domain objects, but the wildcard within the url seems to be an issue, when using these custom domain objects.
I have also tried using them in custom applications/sites as non-regexp, but again without success.

How do I go about using url’s in the rulebase containing wildcards (*) somewhere within the url?

0 Kudos
6 Replies
G_W_Albrecht
Legend Legend
Legend

Wildcards can only used as the first character and should be avoided, see sk165094: Custom Applications/Sites - Best practice

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Nkr
Participant

Is there another way of implementing these URL's in the policy using wildcards?
Or am I forced to get each possible URL?

(e.g. "example*.com" corresponds to "example1.com", "example2.com" etc. etc..)

0 Kudos
PhoneBoy
Admin
Admin

You cannot create it as a Domain Object.
You must create it as a Custom Application/Site, which limits you to detection via HTTP/HTTPS.
For anything beyond a hostname (ie a specific URL), HTTPS Inspection will absolutely be required.
However, you can use wildcards.

0 Kudos
Wolfgang
Authority
Authority

Have a look at @G_W_Albrecht mentioned sk165094, use regular expressions.

0 Kudos
Nkr
Participant

I've been through that, but maybe I'm not getting the syntax right.

To my knowledge, the syntax for a wildcard in regular expression would be /.*/
So as for "example*.com" it would be "example/.*/.com" or something along those lines. Doesn't to the trick though. Could anyone be helpful with the exact syntax for such an expression?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

example/.*/.com is invalid: wrong escape character, and * is defined as matches the previous token between zero and unlimited times, as many times as possible, giving back as needed (greedy)

So the correct RegEx is:

example\.\w*\.com

that will match e.g. example.amazon.com

Try using https://regex101.com/ that also contains the complete RegEx syntax - here you can see if it matches what it should very easily and if not, why...

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events