This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
NeilDavey
Collaborator
‎2022-05-11 12:13 AM
Jump to solution

Custom Application Site Wildcard

I am needing to create some Applications/Sites on Check Point for some websites:

*.cisco.com

*.okta.com

And I want the site to end at the .com part.  ie I don't want this to happen:

bad.okta.com.hacker.org

Would I create a new Application/Site like this this example:

\.example\.com

\.cisco\.com

\.okta\.com

And would I also need to tick the box "URLs are defined as Regular Expression"?

Thanks

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Authority
Authority
‎2022-05-12 01:59 AM
In response to NeilDavey
Jump to solution

simple answer, YES

View solution in original post

4 Replies
Wolfgang
Authority
Authority
‎2022-05-11 01:19 AM
Jump to solution

See the documentation Custom Application Options

"*.okta.com" does not match "bad.okta.com.hacker.org" but match "subdomain.okta.com"

And yes, if you want more granular control you have to use regular expressions.

 

0 Kudos
NeilDavey
Collaborator
‎2022-05-11 02:29 AM
In response to Wolfgang
Jump to solution

Thanks Wolfgang.

So you would suggest this would be correct to allow a subdomain which ends at the .com?

image.png

0 Kudos
Wolfgang
Authority
Authority
‎2022-05-12 01:59 AM
In response to NeilDavey
Jump to solution

simple answer, YES

Bob_Zimmerman
Authority
Authority
‎2022-05-11 07:58 AM
In response to Wolfgang
Jump to solution

In past versions, "*.okta.com" would have matched hacker.org/fake.okta.com. This bit me pretty badly when trying to move from another web filtering box to Check Point's URL Filtering. We blocked *.ar, and it caught some site's /path/to/shared/resources/16x16.left.arrow.png or whatever the path was. I haven't tried using non-regular expressions since R80.20, so it may have changed in a more recent version.

I ended up having to anchor to the slash:

^https?://([^/\.]\.)*okta.com/

That matches any number of subdomains (including zero subdomains) then anchors the TLD to the slash which separates the domain name from the path in a URL.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events