08-20-2003 09:16 AM
Would like some guidance on how to correctly set up my Cisco Content Engine with rules to divert HTTP requests containing references to certain file types (.exe, .scr, etc.) to Trend Micro VirusWall scanner proxy.
We do not want ALL HTTP requests to go to the proxy.
Brad Hanson
HealthPartners
08-20-2003 10:57 PM
Brad,
the commands are :
rule use-proxy
rule enable
ie:
rule use-proxy 1.1.1.1 8080 url-regex "\.[exe|gif|jpg]^"
Gilles.
08-26-2003 08:00 AM
hey thanks. this almost does it...
the redirect to the trend micro antivirus check seems to be working like a champ!
i'm wondering about the syntax of your sample rule. I am not the best at regex but it seems that the caret (^) is a start of string anchor and we are looking for end of string match?
I have one that looks like:
rule use-proxy 1.1.1.1 5000 url-regex ".+\..+/.+\.(doc|exe|zip|com)$"
to scan anything, dot, anything, slash, anything, and ending with dot and any of doc, exe, zip or com.
wondering if i don't do this that a domain reference ending in dot com would end up with a rule match from time to time.
thanks!!!
brad hanson
healthpartners
08-27-2003 01:23 AM
Brad,
you're correct - the end of line is '$'.
Your regexp looks good.
you can use the command 'sho statistic rule all' to see if there are any hits for this rule.
Gilles.
09-19-2003 10:39 AM
well, now we have to reexamine how this works.. AFTER putting a protocol monitor on the net to watch what traffic was being redirected by the rule, it appears that a simple regular expression isn't going to be able to determine what to send over to the proxy for virus scanning.
the URL string contains the full URL, which may include additional data.
the string:
http://www.site.com/myfile.html?a=www.site.com
will pass if we are looking for files ending in a .com, for example...
I'm looking for an expression that will determine if the document being requested ends with certain extensions, such as com/exe/bin/scr/dll/ etc.
Any ideas on the string that would actually allow this? thanks!!!!
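An added example, not part of any post in this thread: the rule quoted above and a path-only alternative, run against the URL from the last post and a few constructed ones. It uses Python's `re` module, so the Content Engine's own regex dialect is assumed to behave the same way for these constructs; `PATH_EXT`, `classify` and the sample URLs other than the first are hypothetical.

```python
import re

# Pattern quoted in the thread, unchanged.
THREAD_RULE = re.compile(r".+\..+/.+\.(doc|exe|zip|com)$")

# Hypothetical alternative (not from the thread): scheme://host/ followed by a
# path that may not contain '?' or '#', ending in a listed extension. The
# extension must be followed by end of string or the start of a query/fragment.
# Assumption: matching should ignore case.
PATH_EXT = re.compile(
    r"^[a-z][a-z0-9+.-]*://[^/?#]+/[^?#]*\.(com|exe|bin|scr|dll)([?#]|$)",
    re.IGNORECASE,
)

def classify(url):
    """Return (thread_rule_hit, path_ext_hit) for one request URL."""
    return (bool(THREAD_RULE.search(url)), bool(PATH_EXT.search(url)))

# First URL is the one from the thread; the rest are constructed samples.
SAMPLES = [
    "http://www.site.com/myfile.html?a=www.site.com",  # ".com" only in query
    "http://www.site.com/files/setup.exe",             # plain download
    "http://www.site.com/files/setup.exe?v=2",         # extension, then query
    "http://www.site.com/dir.com/index.html",          # ".com" in a directory
    "http://www.site.com/TOOL.EXE",                    # upper-case extension
    "http://www.site.com",                             # bare host ending ".com"
]

def report():
    """Map each sample URL to its (thread_rule_hit, path_ext_hit) pair."""
    return {url: classify(url) for url in SAMPLES}

if __name__ == "__main__":
    for url, (old, new) in report().items():
        print(f"thread={old!s:5} path_only={new!s:5} {url}")
```

After changing the rule on the device, the hit counters from 'sho statistic rule all' mentioned earlier in the thread show whether it matches the traffic you expect.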