Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
Danny
Champion Champion
Champion

Related Links for Custom Sites/Applications

Recommendations

  • Don't use * as it puts high load to the Pattern Matcher on the Security Gateway (it doesn't matter if it's with or without Regex)
  • Don't put http: or https: in the string of the custom site
  • Always put a / at the end of non-Regex domains
  • If a special subdomain can be referenced, such as  www.sample.com/ avoid Regex and directly reference it
  • Verify the common name of the custom site and test with this one as well, if it's different

Special considerations

  • Regex syntax implicitly starts and ends with .*
  • Non-Regex syntax implicitly ends with *
  • Custom applications are matched only with the payload of a connection

Risk mitigation

  • Many syntaxes allow more than intended, thoughtfully plan and test your syntax
  • Workarounds might cause performance impacts, though they are always a good read
  • Learn Regex! Verify your Regex syntax with online Regex generators. Understand your Regex!

Common mistakes

  • checkpoint.com matches for checkpoint.com.crime.org
  • *checkpoint.com/ matches for crime.org/checkpoint.com/
  • *.checkpoint.com/ matches for crime.org/www.checkpoint.com/ 
  • Regex \/checkpoint.com\.com matches for crime.org/checkpoint.com/
  • Regex \.checkpoint\.com matches for www.checkpoint.com.crime.org
(1)
Who rated this post