Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1035 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Messie Regex makes problems with WebFiltering

ivansieder
Hi,

we got a rule in our WebProtection, which uses as URL's the following list:

^https?://([A-Za-z0-9.-]*\.)?windowsupdate\.com/
^https?://([A-Za-z0-9.-]*\.)?microsoft\.com/
windowsupdate.com
microsoft.com
fg.v4.download.windowsupdate.com

Now we found out that one element of this list causes to apply to all the sites with https...

This means the following: For the people which are affected by this rule the Exception (SSL-Scanning and Antivirus) also affects other pages like google, twitter, etc...

This rule came directly from sophos / was already in there.

Anyone else experiencing this or can tell me the solution for this?

Kindly
Ivan


This thread was automatically locked due to age.
  • 0
    These default entries have been in place for years and I've never seen or heard of anyone else experiencing this.  What methodology did you use to determine that it was this exception rule?  Are there other rules on your UTM that have been cloned from this one?  What happens if you delete, then manually recreate this rule?
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • 0
    Hi,

    we got a rule in our WebProtection, which uses as URL's the following list:

    ^https?://([A-Za-z0-9.-]*\.)?windowsupdate\.com/
    ^https?://([A-Za-z0-9.-]*\.)?microsoft\.com/
    windowsupdate.com
    microsoft.com
    fg.v4.download.windowsupdate.com

    Now we found out that one element of this list causes to apply to all the sites with https...

    This means the following: For the people which are affected by this rule the Exception (SSL-Scanning and Antivirus) also affects other pages like google, twitter, etc...

    This rule came directly from sophos / was already in there.

    Anyone else experiencing this or can tell me the solution for this?

    Kindly
    Ivan


    sorry but no..these do NOT allow bypass for everything.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0
    Well i know that normally this regex won't bypass everything... But i tried to disable the rule and since then it did work properly and showed up our utm's certificate.

    So there somewhere has to be an issue.
  • 0
    the regex is correct..however start a ticket with support...i think there is a bug in the regex handling of UTM as i am having a different issue related to regex.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Unfiltered HTML