- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Trying to implement a regex block from a threat feed for known C2 traffic on app/url blade and policy will not install. The only thing I noticed is the + operator that Checkpoint doesn't appear to like. However, this conforms to PCRE format when I test on regex101. Has anyone else dealt with this and how have you addressed it?
^https?:\/\/[^\x2f]+\/(?:[a-zA-Z0-9\._-]+\/)+[1-3]c\.jpg$
Replicated using R80.30 JT 111 SMS + GW + GW Cluster:
- Verify is successfull
- Access policy install fails:
Fix problematic regex syntax, or delete it from the database.
For example:
Problem in all the regex with the last hyphen inside the brackets. It must be escaped with backslash.
Change: ^https?:\/\/([A-Za-z0-9.-]+\.)?ama-assn\.org
To: ^https?:\/\/([A-Za-z0-9.\-]+\.)?ama-assn\.org
---
After changing the RegEx to
^https?:\/\/[^\x2f]+\/(?:[a-zA-Z0-9\._\-]+\/)+[1-3]c\.jpg$
Policy install succeeds
😎
Please try yourself, then mark this post as the solution...
Replicated using R80.30 JT 111 SMS + GW + GW Cluster:
- Verify is successfull
- Access policy install fails:
Fix problematic regex syntax, or delete it from the database.
For example:
Problem in all the regex with the last hyphen inside the brackets. It must be escaped with backslash.
Change: ^https?:\/\/([A-Za-z0-9.-]+\.)?ama-assn\.org
To: ^https?:\/\/([A-Za-z0-9.\-]+\.)?ama-assn\.org
---
After changing the RegEx to
^https?:\/\/[^\x2f]+\/(?:[a-zA-Z0-9\._\-]+\/)+[1-3]c\.jpg$
Policy install succeeds
😎
Please try yourself, then mark this post as the solution...
@G_W_Albrecht - Appreciate the help here. Escaping the dash did the trick.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY