Hi, I would like to create a web exception by regex for a specific Facebook page and its content https://www.facebook.com/ xxx where xxx is a literal string. This is the home company page https://www.facebook.com/xxx/* i.e. this is for any content related to that page. As easy as this sounds I am having trouble with the regex I built: ^([A-Za-z0-9.-]*\.)?facebook\.com\/xxx\/([A-Za-z0-9]*) I would appreciate if anyone can tell me what I am doing wrong. ^([A-Za-z0-9.-]*\.)?facebook\.com\.?/

You need to import the Certificate Authority on every machine where TLS traffic will be decrypted. You can get more information on this Article. Also, if all machines are connected to Active Directory, you can import to all of them at the same time. (I believe the Article also covers this.)

Try out ^([a-zA-Z0-9.-]*\.)?facebook\.com\.?/FinductiveLtd* Also, are you doing TLS Decryption ? If you're not decrypting the traffic, the firewall won't be able to do this exception.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Regex

pulc001 over 3 years ago

Hi,

I would like to create a web exception by regex for a specific Facebook page and its content

https://www.facebook.com/xxx where xxx is a literal string. This is the home company page
https://www.facebook.com/xxx/* i.e. this is for any content related to that page.

As easy as this sounds I am having trouble with the regex I built:

^([A-Za-z0-9.-]*\.)?facebook\.com\/xxx\/([A-Za-z0-9]*)

I would appreciate if anyone can tell me what I am doing wrong.

^([A-Za-z0-9.-]*\.)?facebook\.com\.?/

This thread was automatically locked due to age.

Top Replies

Prism over 3 years ago in reply to pulc001 +2 verified

You need to import the Certificate Authority on every machine where TLS traffic will be decrypted. You can get more information on this Article. Also, if all machines are connected to Active Directory…

Parents

0 FormerMember over 3 years ago

Hi pulc001,

Thank you for reaching out to the Community!

Please check out the following document for more info: Sophos UTM / Sophos XG Firewall: Regular expressions for defining URL patterns.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 pulc001 over 3 years ago in reply to FormerMember

Hi Harsh Patel,

I actually built the regex in my previous thread using that article and also tried to use quick regex. Not a regex expert myself, hence why I posted to the community for some help :)
Cancel
Vote Up 0 Vote Down

Cancel
0 FormerMember over 3 years ago in reply to pulc001
Hi pulc001,

With the regex you configured, are you able to access the other pages on Facebook?

How about adding the following entry?

^([A-Za-z0-9.-]*\.)?facebook\.com/xxx

Can you provide the entire URL for the page you’re trying to configure the exception?

Thanks,
Cancel
Vote Up +1 Vote Down

Cancel
0 Prism over 3 years ago in reply to pulc001
Hello pulc001,

A Regex like this should work for you:

^([a-zA-Z0-9.-]*\.)?facebook\.com\.?/FinductiveLtd*

In this regex, It will count anything before "facebook.com", and when It matches the initial /test - anything after that will go through the exemption.

Just a warning, this isn't a good Regex, but It should work as you expect.

EDIT: Look at answer, doing /xxx apparently also include everything after It.

Thanks!
If a post solves your question use the 'Verify Answer' button.

Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

Sophos ZTNA (KVM) @ Home
Cancel
Vote Up +1 Vote Down

Cancel
0 pulc001 over 3 years ago in reply to FormerMember

Hi Harsh Patel,

The entire url is https://www.facebook.com/FinductiveLtd

I have tried ^([A-Za-z0-9.-]*\.)?facebook\.com/FInductiveLtd however this is still not being exceptioned.
Cancel
Vote Up 0 Vote Down

Cancel
0 pulc001 over 3 years ago in reply to Prism

Thanks Prism
Cancel
Vote Up 0 Vote Down

Cancel
0 Prism over 3 years ago in reply to pulc001
Try out

^([a-zA-Z0-9.-]*\.)?facebook\.com\.?/FinductiveLtd*

Also, are you doing TLS Decryption ? If you're not decrypting the traffic, the firewall won't be able to do this exception.
If a post solves your question use the 'Verify Answer' button.

Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

Sophos ZTNA (KVM) @ Home
Cancel
Vote Up +1 Vote Down

Cancel

Reply

0 Prism over 3 years ago in reply to pulc001
Try out

^([a-zA-Z0-9.-]*\.)?facebook\.com\.?/FinductiveLtd*

Also, are you doing TLS Decryption ? If you're not decrypting the traffic, the firewall won't be able to do this exception.
If a post solves your question use the 'Verify Answer' button.

Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

Sophos ZTNA (KVM) @ Home
Cancel
Vote Up +1 Vote Down

Cancel

Children

0 pulc001 over 3 years ago in reply to Prism

@prism we are not decrypting the traffic. Then this must be the root cause.
Cancel
Vote Up 0 Vote Down

Cancel
0 Prism over 3 years ago in reply to pulc001

Well, that explain why your exceptions didn't worked before.

Without decrypting the traffic the firewall will only be able to see the SNI "www.facebook.com", in order to see the full URL Path you will need to decrypt the TLS connection.

Are you on v18 or v17.5 ?

If a post solves your question use the 'Verify Answer' button.

Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

Sophos ZTNA (KVM) @ Home
Cancel
Vote Up +1 Vote Down

Cancel
0 pulc001 over 3 years ago in reply to Prism

we are on SFOS 18.0.4 MR-4. The issue with decryption is that all internet traffic was being returned

as NET::ERR_CERT_AUTHORITY_INVALID
Cancel
Vote Up 0 Vote Down

Cancel
+1 Prism over 3 years ago in reply to pulc001

You need to import the Certificate Authority on every machine where TLS traffic will be decrypted.

You can get more information on this Article.

Also, if all machines are connected to Active Directory, you can import to all of them at the same time. (I believe the Article also covers this.)

If a post solves your question use the 'Verify Answer' button.

Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

Sophos ZTNA (KVM) @ Home
Cancel
Vote Up +2 Vote Down

Cancel