Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7256
Views
5
Helpful
4
Replies

WSA and regular expressions

icemoom
Level 1
Level 1

‎03-11-2015 03:53 AM

Hi,

 

Wondering if anyone can help, I'm trying to whitelist a specific URL via a regular expression but it doesn't appear to be working, for example the URL string is:

 

vimeo.com/videoexamples/

 

I don't want to allow access to all Vimeo videos hence the regular expression, I did just try adding it to the sites list but it doesn't appear to like anything with paths so I created the regular expression:

 

vimeo\.com.videoexample.

 

The dots meaning to represent any character (/ in this case), I did try with / but this also does not work.

 

Am I doing something wrong?

 

Regards,
Ross

3 people had this problem
Labels:
0 Helpful
4 Replies 4

Justin bollinger
Level 1
Level 1

‎03-17-2015 01:03 PM

is there a reason that you require blocking access to a specific directory on a website instead of the entire website?

 

As for the regex your example does not fully match as the last wildcard matches the s and does not include the last character /

vimeo\.com.videoexample.

This would match the regex you are looking for, but if I am not mistaken what you are trying to do is not possible.  

vimeo\.com\/videoexamples\/

The custom URL category is based on the hostname/domain/FQDN and not the full query which would include the directory.  

 

The custom URL category would allow you to match for a specific host and not for a specific file/directory on a host.  

 

 

Penelope.Garcia1
Level 1
Level 1
In response to Justin bollinger

‎04-04-2016 02:24 PM

Have you tried it in the WSA Sandbox before committing changes? Or on a RegEx sandbox? That should let you test different Regular Expressions before you either whitelist that specific url, of course depending on it's heirarchy, before also trying to blacklist all others except that particular video.

I would highly recommend communique with John Hess, my WSA go to Guru :D     It sounds like you may be trying to whitelist a lower sub-domain under the same domain that has been blacklisted, but John can review with you and say for sure via a webex screensharing session    :D

0 Helpful

JVSison
Level 1
Level 1
In response to Penelope.Garcia1

‎04-29-2020 07:43 AM

Try the following:

 

\vimeo\.com/videoexamples
\.vimeo\.com/videoexamples

0 Helpful

opryluts
Cisco Employee
Cisco Employee

‎08-11-2020 12:55 AM - edited ‎08-11-2020 12:56 AM

Hi Ross,

It is possible and there is a Youtube example how to do that - https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/118130-configure-wsa-00.html

 

For the sample URL vimeo.com/videoexamples/ the regex would be:

vimeo\.com/videoexamples/

www\.vimeo\.com/videoexamples/

 

But also keep in mind that it might be a landing URL and some HTTP redirects happen after that request. So you need to analyze the full video play flow and add required 3rd party URLs as well to allow the video to play. Use developer tools in Firefox/Chrome to see what other URL are required for that video.

 

Searching on the internet I can see that at least those 2 extra domains must be allowed:

player.vimeo.com
vimeocdn.com
 
And last but not least - you have to do HTTPS inspection for the video related traffic. Otherwise, it's not gonna work.
 
Please vote if you find it helpful.
0 Helpful
Customers Also Viewed These Support Documents