Cisco Cisco Web Security Appliance S170 Guía Del Usuario
9-20
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 9 Classify URLs for Policy Application
Regular Expressions
Note
Technically, AsyncOS for Web uses the Flex regular expression analyzer. For more detailed information
about how it reads regular expressions, see http://flex.sourceforge.net/manual/Patterns.html.
about how it reads regular expressions, see http://flex.sourceforge.net/manual/Patterns.html.
You can use regular expressions in the following locations:
•
Custom URL categories for Access Policies. When you create a custom URL category to use with
Access Policy groups, you can use regular expressions to specify multiple web servers that match
the pattern you enter.
Access Policy groups, you can use regular expressions to specify multiple web servers that match
the pattern you enter.
•
Custom user agents to block. When you edit the applications to block for an Access Policy group,
you can use regular expressions to enter specific user agents to block.
you can use regular expressions to enter specific user agents to block.
Note
Regular expressions that perform extensive character matching consume resources and can affect system
performance. For this reason, regular expressions should be cautiously applied.
performance. For this reason, regular expressions should be cautiously applied.
Related Topics
•
•
Policy: Protocols and User Agents, page 9-13
Forming Regular Expressions
Regular expressions are rules that typically use the word “matches” in the expressions. They can be
applied to match specific URL destinations or web servers. For example, the following regular
expression matches any pattern containing “
applied to match specific URL destinations or web servers. For example, the following regular
expression matches any pattern containing “
blocksite.com
”:
\.blocksite\.com
Consider the following regular expression example:
server[0-9]\.example\.com
In this example,
server[0-9]
matches
server0
,
server1
,
server2
, ...,
server9
in the domain
example.com
.
In the following example, the regular expression matches files ending in
.exe
,
.zip
, and .
bin
in the
downloads
directory.
/downloads/.*\.(exe|zip|bin)
Note
You must enclose regular expressions that contain blank spaces or non-alphanumeric characters in
ASCII quotation marks.
ASCII quotation marks.
Guidelines for Avoiding Validation Failures
Follow these guidelines to minimize validation failures:
•
Use literal expressions rather than wildcards and bracketed expressions whenever possible. A literal
expression is essentially just straight text such as “
expression is essentially just straight text such as “
It’s as easy as ABC123
”. This is less likely
to fail than using “
It’s as easy as [A-C]{3}[1-3]{3}
”. The latter expression results in the
creation of non-deterministic finite automatons (NFA) entries, which can dramtically increase
processing time.
processing time.