CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Page 2 of 2 FirstFirst 12
Results 21 to 25 of 25

Thread: URL filtering, is this a joke?

  1. #21
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,475
    Rep Power
    16

    Default Re: URL filtering, is this a joke?

    The patterns in the SK should be treated as regular expressions and the SK was updated to reflect this.
    Apologies for the confusion.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  2. #22
    Join Date
    2012-08-06
    Posts
    62
    Rep Power
    7

    Default Re: URL filtering, is this a joke?

    Quote Originally Posted by PhoneBoy View Post
    The patterns in the SK should be treated as regular expressions and the SK was updated to reflect this.
    Apologies for the confusion.
    Hey, Thanks for your effort, but still:

    It's unbelievable, either they don't get it or they just don't care. Both are not good for a security company.

    If they really want to use regular expressions down the road, then in step #3 they are still using unescaped periods which is plain wrong as I explained before.

    However, using regexes IMHO is not necessary at all to accomplish the task at hand (as I explained before) so I wonder why they make it so complicated.

  3. #23
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,475
    Rep Power
    16

    Default Re: URL filtering, is this a joke?

    FWIW I also asked my R&D contacts about the unescaped periods.

    Note that even when you enter things as wildcards, the underlying pattern matcher uses regex only, thus what you enter will be converted to the equivalent regex.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  4. #24
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,475
    Rep Power
    16

    Default Re: URL filtering, is this a joke?

    The SK has been updated one more time.
    Since the URLs we are matching against start with http:// or https://, we are matching a slash rather than a carat as the start of the hostname.
    And yes, the periods are now escaped as they should have been.
    Thanks for the feedback.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  5. #25
    Join Date
    2007-03-30
    Location
    DFW, TX
    Posts
    236
    Rep Power
    12

    Default Re: URL filtering, is this a joke?

    The expression I am currently testing is this:

    Code:
    {caseless}:^https?://([^/\.]+?\.)*?\1/.*
    Where \1 is replaced by the domain, including TLD. It should match any number of subdomains, and it should match regardless of whether it's somesite.com, SOMESITE.COM, or anywhere between.

    https?:// makes the 's' optional, so it matches either http:// or https://.

    [^/\.] matches any character which is not a slash or a literal dot. The + matches one or more of the preceding pattern, so one or more non-slash, non-dot characters. The ? after the + makes it not-greedy, so it matches only up until the first slash or literal dot it finds (otherwise, it matches from the end back towards the beginning). \. matches a literal dot, so everything in the parentheses matches a single subdomain, including the final dot.

    The * matches 0 or more instances of the preceding pattern. The ?, again, makes the repetition non-greedy, so it starts by matching zero subdomains, then tries for one subdomain, and so on from the beginning of the URL.

    The last / matches the first slash after the "http://" or "https://" string. The .* then matches zero or more characters of path.



    As an example of how to use this, here's the expression to match somesite.com:

    Code:
    {caseless}:^https?://([^/\.]+?\.)*?somesite.com/.*
    Zimmie

Page 2 of 2 FirstFirst 12

Similar Threads

  1. URL Filtering
    By rotherdrummer in forum Miscellaneous
    Replies: 5
    Last Post: 2014-09-18, 05:10
  2. R75 URL Filtering Reports
    By mmazz in forum Eventia Analyzer/Reporter/SmartView Reporter
    Replies: 2
    Last Post: 2012-04-20, 13:45
  3. URI filtering on HTTPS
    By ppetrovic in forum Content Security/Security Servers/CVP/UFP
    Replies: 1
    Last Post: 2010-10-09, 18:47
  4. Web filtering - Centralized
    By sroghen in forum Check Point UTM-1 Appliances
    Replies: 8
    Last Post: 2009-06-18, 14:38
  5. Filtering URL's
    By imwings in forum Content Security/Security Servers/CVP/UFP
    Replies: 2
    Last Post: 2008-04-22, 20:16

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •