Timed out Conecction

Question

Hi everyone 
 Im getting a timed out response from a specific web site, we know is not an UTM issue but we need to avoid the UTM show the template with the "Timeout during conection to server " or an "Connection Timed Out" or "Timeout while reading response from Server" or "connection reset by peer" only in that web because we know that server takes a long time for give a respon and thats the way it is so its ok for us, we know it is maybe not the best practice but doesnt matter for us, is not our server 
 the web page is http://www.pace.sep.gob.mx and this one is redirecting (dont know why) to a http://www.acuerdo286.sep.gob.mx/acuerdo286 and then go back to http://www.pace.sep.gob.mx We dont know why is working in that way, but it is what it is 
 Of course both webs are setting in the Filtering options / exceptions with all the checks marked so is entirely skiping the filters and blocks, we also use the Skip Transparent Mode Destination Hosts/Nets all that but didnt work 
 the only way for make it work was put the users pc&acute;s in the Skip Transparent Mode Source Hosts/Nets , that is working fine, so Ill realy precciate if some one could help us for reach that goal whitout use the skip list 
 thank for any help.

DouglasFoster · Accepted Answer

Unix-based web servers may be case-sensitive, so "Pace" and "pace" may be different. UTM is Unix-based, so it may also be case-sensitive in it exception matching. Beyond that, I have not analyzed your regex expressions, because there is an easier solution. 
 If you want to apply an exception to everything related to *.pace.sep.gob.mx, the easiest solution is to create a website override for pace.sep.gob.mx, and check the box to include subdomains. Then apply a user-defined tag to that website. Finally, create an exception that applies to traffic going to sites with that tag. 
 Regex is difficult to get right -- too easy to have unintended allows, too easy to have unintended blocks, and too hard for your successors to understand what you have done. Tags fix all of that, and the name of the tag can be used to explain its purpose.

Michael Dunn · Answer

LuisApodaca said: 
 what is the difference between this ^https?://([A-Za-z0-9.-]*\.)?\.pace\.sep\.gob\.mx/Pace/login/ 
 and this 
 ^https?://([A-Za-z0-9.-]*\.)?\.pace\.sep\.gob\.mx/ 
 
 why aim questioning !!, the first line works really fine, but the second did not, why if I only write (on any web browser) one part of the line like &ndash; www.pace.sep.gob.mx &ndash; doesn&rsquo;t work ?, why I need to write the entire line in the skip list ? &ldquo;www.pace.sep.gob/pace/login&rdquo;, shouldn't work the second option ? why the UTM show a response like timed out or connection reset by peer etc. etc.

BTW, there are several things. Some of this might just be how you copied it in. 
 You have case mismatch as well as a difference if it is .sep.gob/pace or .sep.gob.mx/pace 
 But... neither regex would work as written, you required a period twice. 
 you had: 
 ^https?://([A-Za-z0-9.-]*\.)?\.pace\.sep\.gob\.mx/ 
 better: 
 ^https?://([A-Za-z0-9.-]*\.)?pace\.sep\.gob\.mx/ 
 Inside the bracket you had a required period for the subdomain, but then you also had it outside the bracket. Inside the bracket is better, because it also will match when there is no subdomain at all. 
 
 As was stated, RegEx is complex and can be error prone.

Michael Dunn · Answer

3 answers: 
 1 - Copy the out-of-box regex as much as you can. They are built correctly to prevent unintended matching and being efficient. 
 2 - This KB article, which is... not wrong but in my opinion not always the best. https://community.sophos.com/kb/en-us/117316 
 3 - Sites like https://www.regular-expressions.info/ and text editors like EditPad (made by the same people, but there are lots of others out there). 
 
 I personally used EditPad to determine the problem. You can put that regex directly into the search, tell it to highlight matching lines, then just have a line with the URL. It makes it easy to modify the regex and see which URLs match.

BAlfson · Answer

You can Google regular "expression" to find tutorials, Luis, as well as tools like RegEx Tester . 
 Cheers - Bob

DouglasFoster · Answer

This morning, it occurs to me that a certificate revocation check only makes sense if a sites use https, but I have not seen any evidence that your target site uses encryption. I conclude that the site is infected, and UTM is protecting you from malware, even though your specific symptoms are different from mine. Suggest that you contact the site owner.