Default Exceptions on Sophos UTM

Hello,

 

We are using Sophos UTM 9.601-5 and I have questions regarding the default exceptions.

 

The default exceptions rule for Apple is:

 

^https?://([A-Za-z0-9.-]*\.)?apple\.com\.?/

 

1. Question: The last question mark resolves to either

"apple.com/"

or

"apple.com./"

Why would anybody want to use the term ".com./"?

A URL like that makes no sense IMHO.

 

2. Why use an asterisk? Why not the plus?

 

An asterisk allows the following URL

"http://.apple.com/"

which again makes no sense IMHO.

 

A plus

^https?://([A-Za-z0-9.-]+\.)?apple\.com\.?/

doesn't allow

http://.apple.com/

 

Anyone?

 

Cheers

 

Thomas



This thread was automatically locked due to age.
  • You raise an interesting point.   I use Tags instead of RegEx because it is so easy to make mistakes.

    Why the optional period at the end?

    All FQDNs officially end with a period, so they are allowing for that. The critical feature is that a / character is used afterward, to ensure that the host name does not continue.

     You are correct that the expression allows .apple.com, but since it is an invalid name, DNS does not resolve it, so I see no harm.
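
Added example, not part of the original thread and not Sophos code: a Python check of the two expressions quoted above against constructed sample URLs. The `strict` pattern and every sample URL except `http://.apple.com/` are assumptions made for this example, and Python's `re` is assumed to treat these simple patterns the same way the UTM does.

```python
import re

# "star" and "plus" are the two patterns quoted in the thread. "strict" is a
# variant constructed for this example (not a Sophos default): every label must
# be non-empty and must start and end with a letter or digit.
PATTERNS = {
    "star": r'^https?://([A-Za-z0-9.-]*\.)?apple\.com\.?/',
    "plus": r'^https?://([A-Za-z0-9.-]+\.)?apple\.com\.?/',
    "strict": r'^https?://(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)*apple\.com\.?/',
}
COMPILED = {name: re.compile(rx) for name, rx in PATTERNS.items()}

# Constructed sample URLs; only http://.apple.com/ comes from the thread.
SAMPLES = [
    "https://apple.com/",
    "https://www.apple.com/store",
    "http://apple.com./",                         # trailing root dot
    "http://.apple.com/",                         # empty leading label
    "http://..apple.com/",                        # two empty labels
    "https://apple.com.example.net/",             # host name continues after "com"
    "https://notapple.com/",                      # no label boundary before "apple"
    "https://example.net/?u=https://apple.com/",  # apple.com only in the query
]


def verdicts(url):
    """Return {pattern name: True/False} for one URL."""
    return {name: bool(rx.match(url)) for name, rx in COMPILED.items()}


def disagreements(urls=SAMPLES):
    """URLs on which the three patterns do not all give the same answer."""
    return [u for u in urls if len(set(verdicts(u).values())) > 1]


if __name__ == "__main__":
    for url in SAMPLES:
        row = " ".join(f"{n}={'Y' if m else 'n'}" for n, m in verdicts(url).items())
        print(f"{url:45} {row}")
    print("patterns disagree on:", disagreements())
```

The "+" variant rejects `http://.apple.com/` but still accepts `http://..apple.com/`, because "." is itself a member of the character class. All three patterns reject a host that continues past "com", which is the job of the trailing "/".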
