Default Exceptions on Sophos UTM

Hello,

 

we are using Sophos UTM 9.601-5 and I have questions regarding the default exceptions.

 

The default exceptions rule for Apple is:

 

^https?://([A-Za-z0-9.-]*\.)?apple\.com\.?/

 

1. Question: The last question mark resolves to either

"apple.com/"

or

"apple.com./"

Why would anybody want to use the term ".com./"?

A URL like that makes no sense IMHO.

 

2. Why use an asterisk? Why not the plus?

 

An asterisk allows the following URL

"http://.apple.com/"

which again makes no sense IMHO.

 

A plus

^https?://([A-Za-z0-9.-]+\.)?apple\.com\.?/

doesn't allow

http://.apple.com/

 

Anyone?

 

Cheers

 

Thomas



This thread was automatically locked due to age.
  • Did answer your questions?

    Best regards

    Alex

    -

  • Hallo Thomas and welcome to the UTM Community!

    Great questions - I can tell that you're a creative learner.  The article suggested by Alex will give you what you need.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I honestly don't know why you are suggesting that I DIDN'T read that document before asking my questions?

    On our UTM 9, the default exceptions were changed after the installation of 9.601-5 to include .?/ at the ending.

  • Sorry if I offended you with that. I'm not a native speaker, just wanted to refer to the article.

    But to answer your question, a lot of questions here are posted without researching the KB. It was just a matter of probability, I guess.

    Best regards

    Alex

    -

  • You raise an interesting point. I use Tags instead of RegEx because it is so easy to make mistakes.

    Why the optional period at the end?

    All FQDNs officially end with a period, so they are allowing for that. The critical feature is that a / character is used afterward, to ensure that the host name does not continue.

    You are correct that the expression allows .apple.com, but since it is an invalid name, DNS does not resolve it, so I see no harm.
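
Added example, not part of any post in this thread: the two expressions quoted above, checked against constructed URLs, with Python's `re` module standing in for the UTM's regex engine (an assumption). `NO_SLASH` is a hypothetical variant used only to show what the trailing `/` prevents, and `evil.example` is a placeholder domain.

```python
import re

# Patterns quoted in the thread: the UTM default (asterisk) and the proposed variant (plus).
DEFAULT = r"^https?://([A-Za-z0-9.-]*\.)?apple\.com\.?/"
PLUS = r"^https?://([A-Za-z0-9.-]+\.)?apple\.com\.?/"
# Hypothetical variant without the trailing "/" (not a UTM default).
NO_SLASH = r"^https?://([A-Za-z0-9.-]*\.)?apple\.com\.?"

# Constructed test URLs.
URLS = [
    "https://apple.com/",                          # bare domain
    "https://www.apple.com/path",                  # subdomain
    "https://apple.com./",                         # fully qualified form, trailing dot
    "http://.apple.com/",                          # empty first label
    "http://..apple.com/",                         # "+" is satisfied by a dot, since "." is in the class
    "https://apple.com.evil.example/",             # host name continues after apple.com
    "https://notapple.com/",                       # different registered domain
    "https://evil.example/?u=https://apple.com/",  # apple.com only in the query string
]


def matches(pattern, url):
    """True if the exception pattern matches the URL."""
    return re.search(pattern, url) is not None


def table():
    """Map each URL to (DEFAULT, PLUS, NO_SLASH) match results."""
    return {u: (matches(DEFAULT, u), matches(PLUS, u), matches(NO_SLASH, u))
            for u in URLS}


if __name__ == "__main__":
    print(f"{'URL':<45} default  plus   no-slash")
    for url, (d, p, n) in table().items():
        print(f"{url:<45} {d!s:<8} {p!s:<6} {n!s}")
```

The plus rejects `http://.apple.com/` but still accepts `http://..apple.com/`, because the character class itself contains the dot; only the trailing `/` keeps `apple.com.evil.example` out of the exception.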