Regex question

mvs23
Level 1

Hi!
I'm trying to get a better understanding of how Access and Decryption policies work, especially regarding regex. I'm struggling to use regex to limit what's opened when I'm not specifying the entire URL. For example, say I only want to open for Google Maps, so I would allow traffic going towards google.com/maps/*. How should this be written in regex for it to work properly? And would it work for both Access and Decryption policy? I do know how to use it if I only want to open for a specific page, where we already have the complete URL. Hope this makes sense and thanks in advance for any help!

7 Replies 7

Cristian Matei
VIP Alumni

Hi,

@mvs23 WSA uses the Flex regular expression analyzer; use the following URL to test/validate your regex: https://www.regextester.com/104875

As for a guide to which characters can be used in your regex and the expected end outcome, use the following document:

https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance-virtual/220557-configure-custom-url-categories-in-secur.html

Logic and scope are the same for both Access and Decryption Policies.

Thanks,

Cristian.

I think this must be wrong, because the URL you gave me to test says I have to escape /'s, but I'm not allowed to save on the WSA when escaping /, and it says it should work with /.*, which is not the case when I try on Decryption policies.

Hi,

@mvs23 Well, I somehow thought it was obvious that when using custom URLs within a decryption policy, as you can't match on the URI path, the regex functionality is limited to only the FQDN, so it doesn't add much value. Sometimes you don't want to decrypt, let's say, all Google traffic; instead of matching on google.com to decrypt, you use micro-app matching to decrypt some Google apps, and everything else towards Google does not get decrypted. As this method does not always work, since it depends on whether the app being used supports decryption MiTM (which in some cases it does not), or on whether the SNI values can identify a micro-app or not (sometimes yes, sometimes not), for such a situation you would need to decrypt the entire FQDN and afterwards, based on Access Policy, choose which to drop, which to inspect, which to pass.

Apologies for not being explicit initially.

Thanks,

Cristian.


balaji.bandi
Hall of Fame

Decryption only takes place for the domain, example: google.com

Access Policy: Works after decryption. Once the WSA has decrypted the traffic, it can read the full URL string.
Result: This is where your regex google\.com/maps/.* actually functions.

Check some flows:

https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa11-7/user_guide/b_WSA_UserGuide_11_7/b_WSA_UserGuide_11_7_chapter_01011.html

BB

===== Preenayamo Vasudevam =====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
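The two-stage behaviour described in the replies above (the decryption policy only has the FQDN from the TLS SNI to match on, while the access policy sees the full URL once the session is decrypted), together with the slash-escaping confusion from the online tester, as an added Python simulation. This is not code from the thread and not the appliance's own matching engine; the constructed flows, the choice to test the access-stage regex against host+path+query, and the two lint checks are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed flows for this example: (TLS SNI hostname visible at decryption
# time, full URL visible to the access policy once the session is decrypted).
FLOWS = [
    ("www.google.com", "https://www.google.com/maps/place/Oslo"),
    ("www.google.com", "https://www.google.com/search?q=wsa+regex"),
    ("mail.google.com", "https://mail.google.com/mail/u/0/"),
]


def decryption_stage_match(pattern: str, sni_host: str) -> bool:
    """Decryption policy: before the TLS session is opened the proxy only has
    the SNI hostname, so the regex is tested against the FQDN alone."""
    return re.search(pattern, sni_host) is not None


def access_stage_match(pattern: str, full_url: str) -> bool:
    """Access policy: after decryption the proxy has the whole URL, so the
    regex sees host, path and query together (assumed match string)."""
    parts = urlsplit(full_url)
    candidate = parts.netloc + parts.path
    if parts.query:
        candidate += "?" + parts.query
    return re.search(pattern, candidate) is not None


def evaluate(pattern: str) -> list:
    """One result per constructed flow: does the pattern hit at the
    decryption stage, at the access stage, or at both?"""
    return [
        {"url": url,
         "decryption": decryption_stage_match(pattern, sni),
         "access": access_stage_match(pattern, url)}
        for sni, url in FLOWS
    ]


# A '.' that is neither escaped nor followed by a quantifier (so not a '.*' wildcard).
_UNESCAPED_DOT = re.compile(r"(?<!\\)\.(?![*+?])")


def lint_pattern(pattern: str) -> list:
    """Flag two mistakes that commonly surface with URL regexes. These are
    generic regex points, not a statement about the appliance's validator:
    - an unescaped '.' that is not a wildcard matches any character, so
      'google.com' would also match 'googleXcom';
    - an escaped '/' is only needed by JavaScript-style /.../ literals such as
      the online tester; the thread reports the WSA rejects it."""
    warnings = []
    if _UNESCAPED_DOT.search(pattern):
        warnings.append("unescaped '.' matches any character; write '\\.'")
    if "\\/" in pattern:
        warnings.append("'\\/' is a JavaScript literal escape; use plain '/'")
    try:
        re.compile(pattern)
    except re.error as exc:
        warnings.append(f"does not compile: {exc}")
    return warnings


if __name__ == "__main__":
    for pat in (r"google\.com/maps/.*", r"(^|\.)google\.com"):
        print(pat, lint_pattern(pat))
        for row in evaluate(pat):
            print("  ", row)
```

Running it shows the point of the thread: `google\.com/maps/.*` never matches at the decryption stage (there is no path in an SNI hostname) but matches only the Maps URL at the access stage, whereas the host-only pattern `(^|\.)google\.com` matches every flow at both stages, which is the "open for all of google.com" trade-off the poster asks about.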

Aha, thanks! So this supports the theory I have, that I can, as in my example, use google\.com/maps/.* on Access Policies, but not on Decryption policies, as the string is never decrypted? So if I wanted to get Google Maps to work, as well as not decrypt it, I would need to open for all of google.com?

For decryption, I know that, so far, with AsyncOS 15.X, I have never seen a regex level. (But happy to listen if someone has a better idea.)

BB


amojarra
Cisco Employee

Hello @mvs23 

Maybe these links can be a help:

 

Block Upload Traffic in Secure Web Appliance

Public link: https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance-s690x/223084-block-upload-traffic-in-secure-web.html

Configure Custom URL Categories in Secure Web Appliance

Public link: https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance-virtual/220557-configure-custom-url-categories-in-secur.html

 

Bypass Authentication in Secure Web Appliance

Public link: https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance/222458-bypass-authentication-in-secure-web-appl.html

 

Block Traffic in Secure Web Appliance

Public link: https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance-s690/222466-block-traffic-in-secure-web-appliance.html

 

Bypass Microsoft Updates Traffic in Secure Web Appliance

Public link: https://www.cisco.com/c/en/us/support/docs/security/secure-web-appliance/222465-bypass-microsoft-updates-traffic-in-secu.html

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++
