Sophos UTM and Regex in Webfiltering Exceptions for Office 365 and MS Teams

Good morning,

We have an SG450 cluster with Sophos UTM 9.705-7 installed.

Yesterday we added some Webfiltering Exceptions to allow some sites of Office 365 and MS Teams.

1. We copied the Exceptions listed in this Sophos KB article for XG Firewall:

https://support.sophos.com/support/s/article/KB-000038173?language=en_US

2. Check the connectivity to the Microsoft Servers with this site:

https://connectivity.office.com/

3. The Webfiltering Exceptions didn't match!

So we tested the Regex with: https://regex101.com/ 

For example: ^([A-Za-z0-9.-]*\.)?office365\.com/?

--> Regex 101 says: 

/ An unescaped delimiter must be escaped with a backslash (\)
? The preceding token is not quantifiable

If I change the regex pattern to: ^https?:\/\/([A-Za-z0-9.-]*)\.office365\.com

Then the following url is matched: https://xx.office365.com

-------------------------------------------------------------------

Second Point:

We saw this page: https://support.sophos.com/support/s/article/KB-000034481?language=en_US 

For example this URL: ^https?://([A-Za-z0-9.-]*\.)?apple\.com/

If I use this regex pattern in the Regex101 checker, then https://apple.com is not matched!

Additionally there are some errors thrown:

/ An unescaped delimiter must be escaped with a backslash (\)
/ An unescaped delimiter must be escaped with a backslash (\)
/ An unescaped delimiter must be escaped with a backslash (\)

When I change the regex pattern to: ^https:\/\/?([A-Za-z0-9.-]*\.)?apple\.com  then the match is successful!

-------------------------------------------------------------------

So does anybody know...

Does Sophos XG use a different regex check mechanism than UTM?

Is Sophos escaping some characters internally? For example: ^https?://  to: ^https?:\/\/

Best regards

Bepo



  • Well, my experience indicates that the tool at regex101.com is wrong - / does not need to be escaped.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
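
The four patterns quoted in this thread, run against sample URLs in an engine that has no pattern delimiter, as an added example that is not part of either post. It shows that `\/` and `/` match identically, and that what actually changes the result is the trailing `/` and the scheme prefix. Assumptions: Python's `re` stands in for the firewall's matcher, the sample strings are constructed, and `attacker.example` is a placeholder domain.

```python
import re

# Patterns exactly as quoted in the thread.
PATTERNS = {
    "kb_office":   r"^([A-Za-z0-9.-]*\.)?office365\.com/?",
    "post_office": r"^https?:\/\/([A-Za-z0-9.-]*)\.office365\.com",
    "kb_apple":    r"^https?://([A-Za-z0-9.-]*\.)?apple\.com/",
    "post_apple":  r"^https:\/\/?([A-Za-z0-9.-]*\.)?apple\.com",
}

# Constructed sample inputs; attacker.example is a placeholder domain.
SAMPLES = [
    "xx.office365.com/",
    "https://xx.office365.com/",
    "https://office365.com/",
    "https://xx.office365.com.attacker.example/",
    "https://apple.com",
    "https://apple.com/",
    "http://apple.com/",
    "https://apple.com.attacker.example/",
]

def matched(name, samples=SAMPLES):
    """Return the samples that the named pattern matches."""
    rx = re.compile(PATTERNS[name])
    return [s for s in samples if rx.search(s)]

def escaping_matters(name, samples=SAMPLES):
    """True if writing '/' instead of '\\/' changes any match result."""
    plain = re.compile(PATTERNS[name].replace(r"\/", "/"))
    return matched(name, samples) != [s for s in samples if plain.search(s)]

if __name__ == "__main__":
    for name in PATTERNS:
        print(name, "escaping matters:", escaping_matters(name))
        for s in matched(name):
            print("   matches", s)
```

The KB apple pattern misses `https://apple.com` only because that test string has no trailing `/`. The two rewritten patterns drop that trailing `/`, so they also match hosts that merely begin with the allowed name.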