This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
rbergstrom
Explorer
‎2021-02-08 03:48 AM
Jump to solution

URL Filtering RegEx

Hi

I want to block a URL in application layer. I have https inspection on. 

I've made a Application/Site list with "URL's are defined as Regular Expression" and added some sites to it, but I'm struggling to figure out how I would write this URL in RegEx form:

http://lexin.nada.kth.se/lexin/#main=4;

I've tried many different ways but it still not working. Other sites working.

I looked at https://regex101.com/ and I got a match on my expressions but it is still not working.

 

Thank you

Rikard

0 Kudos
2 Solutions

Accepted Solutions
Bob_Zimmerman
MVP Gold
MVP Gold
‎2021-02-12 07:43 AM
In response to G_W_Albrecht
Jump to solution

Minor note: this will only match HTTP. The site is available via HTTPS, and the expression above won't match it. If you change the opening to this:

https?:\/\/

it should match both HTTP and HTTPS.

View solution in original post

G_W_Albrecht
MVP Silver
MVP Silver
‎2021-02-15 02:54 AM
In response to G_W_Albrecht
Jump to solution

So the complete solution is:

https?:\/\/lexin\.nada\.kth\.se\/lexin\/\#main=4;

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
11 Replies
PhoneBoy
Admin
Admin
‎2021-02-10 08:28 AM
Jump to solution

What version/JHF level?
What precise regexes have you tried?

0 Kudos
rbergstrom
Explorer
‎2021-02-11 12:48 AM
In response to PhoneBoy
Jump to solution

Hi!

we are running r80.40 take 87.

I have tried

.lexin.nada.kth.se/lexin/#main=4; 

.lexin.nada.kth.se\/lexin\/#main=4; 

.lexin.nada.kth.se/lexin/*main*4* 

.lexin.nada.kth.se/lexin/.main.4.

.lexin.nada.kth.se\/lexin\/.main.4; 

.lexin.nada.kth.se\/lexin\/*main*4; 

and so on. I think the #or the = causing the problem because this url works just fine:    .lexin.nada.kth.se/lexin/bildtema-survey.html

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-02-11 01:03 AM
Jump to solution

Why not block entire http://lexin.nada.kth.se/ ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
rbergstrom
Explorer
‎2021-02-11 01:23 AM
In response to G_W_Albrecht
Jump to solution

We want to reach all the pages on that site except 

.lexin.nada.kth.se/lexin/#main=4; and 

.lexin.nada.kth.se/lexin/bildtema-survey.html

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-02-11 01:59 AM
In response to rbergstrom
Jump to solution

Use

http:\/\/lexin\.nada\.kth\.se\/lexin\/\#main=4;

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
rbergstrom
Explorer
‎2021-02-11 02:01 AM
In response to G_W_Albrecht
Jump to solution

I will try this. Thank you for the help!

/Rickard

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-02-12 03:58 AM
In response to rbergstrom
Jump to solution

And did it work as needed ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
rbergstrom
Explorer
‎2021-02-15 06:24 AM
In response to G_W_Albrecht
Jump to solution

Hi, 

Sorry for the late reply, I have not had the opportunity to test until today. 

It did not work as needed. I have a block rule with this regex but I can still reach the site. See attached screenshot. Is it possible for you to try this in a lab?

I tried both http and https.

/Rickard

Preview file
59 KB
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2021-02-12 07:43 AM
In response to G_W_Albrecht
Jump to solution

Minor note: this will only match HTTP. The site is available via HTTPS, and the expression above won't match it. If you change the opening to this:

https?:\/\/

it should match both HTTP and HTTPS.

G_W_Albrecht
MVP Silver
MVP Silver
‎2021-02-12 12:17 PM
In response to Bob_Zimmerman
Jump to solution

Very true !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-02-15 02:54 AM
In response to G_W_Albrecht
Jump to solution

So the complete solution is:

https?:\/\/lexin\.nada\.kth\.se\/lexin\/\#main=4;

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events