Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4503
Views
0
Helpful
6
Replies

Going from Bluecoat to WSA Black/Whitelist Regular Expression Help

tmkgm2013
Level 1
Level 1

‎03-02-2016 02:09 PM - edited ‎03-08-2019 05:38 PM

In Bluecoat, you can control access by adding an site URL like this 'creditrepairfirm.com/slides/show/' to a custom 'URL Category Object' and have BC either block or allow access to creditrepairfirm.com and it path compont '/slides/show/' 

I tryed this on the WSA and it error on the '/slides/show/' so, how can I do this on a WSA?

I don't see how a regular expression works here but, I have to qualify this and say I am not an advance regular expression guy.

Any nudge in the right direction would be appreciated.

Thank you in advance.

Tom

Labels:
0 Helpful
6 Replies 6

Christoph Moormann
Level 1
Level 1

‎03-04-2016 02:36 PM

Hi Tom,

I haven't tested this but the manual states:

"The Web Security appliance uses a regular expression syntax that differs slightly from the regular expression syntax used by other Velocity pattern-matching engine implementations. Further, the appliance does not support using a backward slash to escape a forward slash. If you need to use a forward slash in a regular expression, simply type the forward slash without a backward slash."

So the "regex" creditrepairfirm.com/slides/show/ should match
http(s)://anything.creditrepairfirm.com/slides/show/anything

0 Helpful

Handy Putra
Cisco Employee
Cisco Employee
In response to Christoph Moormann

‎03-08-2016 04:51 PM

would recommend to add "\." in front of it so looks like below:

\.creditrepairfirm.com/slides/show/

Therefore will apply to any subdomain of creditrepairfirm.com such as anything.creditrepairfirm.com/slides/show/ (if needed).

Also note, if the destination site is HTTPS and you have HTTPS proxy enabled, you will need to 'decrypt' the traffic first for the appliance to know the links from that domain, else appliance can only see the domain of the destination only (transparent mode, can only see the IP address only instead of domain)

If you do not have HTTPS proxy enable, WSA will only perform CONNECT tunnel to port 443 and will not be able to see the links from that domain such as /slides/show

0 Helpful

tmkgm2013
Level 1
Level 1
In response to Handy Putra

‎03-10-2016 12:42 PM

Thank you Handy Putra. If I do put \. does that mean the site has to be tom.creditrepairfirm.com/slide/show/ or will creditrepairfirm.com/slide/show/ work also?

0 Helpful

Handy Putra
Cisco Employee
Cisco Employee
In response to tmkgm2013

‎03-10-2016 02:21 PM

Hi,

Both "tom.creditrepairfirm.com/slide/show/ " and "creditrepairfirm.com/slide/show/ " will also works if you add \. in front of it.

0 Helpful

Garry Cross
Level 1
Level 1
In response to Handy Putra

‎12-08-2017 04:04 PM

Hi I am trying to understand the regular expression and also just the domain name expression. So in regard to the above correct me if I am wrong but the former expression will match on anything.creditrepairfirm.com but also match on anythingcreditrepairfirm.com. The latter expression will only match if it is actually a subdomain of creditrepairfirm.com.

 

As for the the second question, focusing just on the sites list what is the significant difference of putting anything.com versus putting .anything.com?

 

0 Helpful

tmkgm2013
Level 1
Level 1
In response to Christoph Moormann

‎03-10-2016 12:45 PM

Thank you Christoph Moormann. I was expecting something more complacated here. I never just tried creditrepairfirm.com/slides/show/ in the advanced I was trying different combo of regular expression statements instead of the 'easy' approach. .

0 Helpful
Customers Also Viewed These Support Documents