Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CP-NDA
Collaborator

URL Filtering - look only at host not URI

Hi,

 

While doing some logs inspection we found that one of our Custom Application (whitelisting) is in the top trafic.

 

After checking the logs we found that some Web Advertisement are matching this rule to a wrong categorization

 

URL Whitelist contains:

*.example.com

 

The logs reported in our report contains this ressource:

https://c.go-mpulse.net/api/config.json?key=XXXX&d=support.example.com&t=XXXX

 

From my understanding this shoul not trigger a hit ??

I decided to follow this SK174194

 
Symptoms

The URL partially matches the URL defined in the custom application/Site field

Example:
The custom URL is defined as example.com and matches URL example.commerce.com

Cause

When scanning for the URL, the URL must be closed off with a forward slash: "/", otherwise example.commerce.com will match example.com

Solution

Close the URL string with "/" at the end, for the correct match. 
Example of the correct definition: "example.com/"

 

From my understanding this shoul not trigger a hit ??

After implementing the SK a hit to the following URL is still matching

 https://c.go-mpulse.net/api/config.json?key=XXXX&d=support.example.com/test&t=XXXX

 

What is the correct implementation to only filter:

http(s)://support.example.com/ or http(s)://example.com/ if possible without Regex as HTTPS inspection is not enabled for all profiles

 

Thank you

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

Without HTTPS Inspection the rest of the URL should be irrelevant.
With HTTP, it might be worth a TAC case to clarify.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events