Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5127
Views
0
Helpful
2
Replies

Troubles with Regex on ASA

Go to solution
jhubel
Level 1
Level 1

‎02-13-2010 01:46 PM - edited ‎03-11-2019 10:08 AM

I've been studying how inspect policy maps work on an ASA, and I come across the part where they talk about  blocking content using regex expressions.  I see that there are plenty  of examples published by Cisco (and many threads on various discussion boards) and I also see that there is a widly  published syntax for regular expressions.  All of this make sense to me  so far.  But, then I tried to configure this feature on my ASA, which has  proven to be much harder than it should be.

First, I  started on version 7.2(4).  I configured it exactly as they said and it didn't work, so I upgraded to 8.0(4) and the same thing occured.  Now, I'm running 8.2(2) and I'm bumping into the same problem.  Has anyone had such issues with this?  Let me show you what I'm doing:

ciscoasa(config)# sho run regex
regex testa "a\.com"
ciscoasa(config)# test regex a.com testa
INFO: Regular expression match failed.
ciscoasa(config)# test regex acom testa
INFO: Regular expression match failed.
ciscoasa(config)# test regex a\.com testa
INFO: Regular expression match failed.
ciscoasa(config)#

ciscoasa(config)# sho run regex
regex cisco_website "\.cisco\.com"
ciscoasa(config)# test regex www.cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)# test regex .cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)# test regex cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)#

ciscoasa(config)# sho run regex
regex cisco_website ".*\.cisco\.com"
ciscoasa(config)# test regex www.cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)# test regex .cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)# test regex cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)#


ciscoasa(config)# sho run regex
regex file1 ".*[fF][iI][lL][eE][1]\.[tT][xX][tT].*"
ciscoasa(config)# test regex file12.txt file1
INFO: Regular expression match succeeded.
ciscoasa(config)# test regex file1txt file1
INFO: Regular expression match succeeded.
ciscoasa(config)# test regex file2txt file1
INFO: Regular expression match failed.
ciscoasa(config)# test regex file21txt file1
INFO: Regular expression match failed.
ciscoasa(config)# test regex file12txt file1
INFO: Regular expression match succeeded.
ciscoasa(config)# test regex blahfile1.blah.txtblah file1
INFO: Regular expression match succeeded.
ciscoasa(config)#


ciscoasa(config)# regex r-facebook www\.facebook\.com
ciscoasa(config)# test regex www.facebook.com r-facebook
INFO: Regular expression match failed.
ciscoasa(config)# regex r-facebook facebook
ciscoasa(config)# test regex www.facebook.com r-facebook
INFO: Regular expression match failed.
ciscoasa(config)# regex r-facebook .*facebook.*
ciscoasa(config)# test regex www.facebook.com r-facebook
INFO: Regular expression match failed.
ciscoasa(config)#

So, I have the regex expressions configured exactly as they should, but when I use the "test regex" feature, stuff doesn't match when it should and it does match when it shouldn't.

Any help is appreciated.

Jeff

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎02-13-2010 03:10 PM

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

regex testa "a\.com"
5505(config)# test regex http://a.com a\.com
INFO: Regular expression match succeeded.
5505(config)#

It works...

-KS

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎02-13-2010 03:10 PM

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

regex testa "a\.com"
5505(config)# test regex http://a.com a\.com
INFO: Regular expression match succeeded.
5505(config)#

It works...

-KS

0 Helpful

Go to solution
jhubel
Level 1
Level 1
In response to Kureli Sankar

‎02-13-2010 05:24 PM

Ahh, I see what I've done.  I thought the "test regex" command referenced the regex that I had already configured, not the actual expression on the "test regex" line.  I expected it to work like testing a voice dial peer, but I'm set straight now.

Thanks for your help.

Jeff

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card