Cisco Cisco Web Security Appliance S670 Mode D'Emploi
17-23
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 17 URL Filters
Regular Expressions
Access Log File
The access log file records the URL category for each transaction in the scanning verdict information
section of each entry. For more information about the access log, see
section of each entry. For more information about the access log, see
. For
a list of each URL category, see
.
Regular Expressions
Regular expressions are pattern matching descriptions that contain normal printable characters and
special characters that are used to match patterns in text strings. For example, a text string such as
“welcome” matches “welcome” or “welcomemyfriend.” When a match occurs, the function returns true.
If no match occurs, the function returns false. Actions are executed only when a pattern-matching
expression is true.
special characters that are used to match patterns in text strings. For example, a text string such as
“welcome” matches “welcome” or “welcomemyfriend.” When a match occurs, the function returns true.
If no match occurs, the function returns false. Actions are executed only when a pattern-matching
expression is true.
The Web Security appliance uses POSIX extended regular expression syntax, fully described by IEEE
POSIX 1003.2. However, the appliance does not support using a backward slash to escape a forward
slash. If you need to use a forward slash in a regular expression, type the forward slash without a
backward slash.
POSIX 1003.2. However, the appliance does not support using a backward slash to escape a forward
slash. If you need to use a forward slash in a regular expression, type the forward slash without a
backward slash.
Note
Technically, AsyncOS for Web uses the Flex regular expression analyzer. For more detailed information
about how it reads regular expressions, see http://flex.sourceforge.net/manual/Patterns.html.
about how it reads regular expressions, see http://flex.sourceforge.net/manual/Patterns.html.
You can use regular expressions in the following locations:
•
Custom URL categories for Access Policies. When you create a custom URL category to use with
Access Policy groups, you can use regular expressions to specify multiple web servers that match
the pattern you enter. For more information about creating custom URL categories, see
Access Policy groups, you can use regular expressions to specify multiple web servers that match
the pattern you enter. For more information about creating custom URL categories, see
.
•
Custom user agents to block. When you edit the applications to block for an Access Policy group,
you can use regular expressions to enter specific user agents to block, such as Skype or Microsoft
Internet Explorer. For more information about using regular expressions to block user agents, see
you can use regular expressions to enter specific user agents to block, such as Skype or Microsoft
Internet Explorer. For more information about using regular expressions to block user agents, see
.
Note
Regular expressions that perform extensive character matching consume resources and can affect system
performance. For this reason, regular expressions should be cautiously applied.
performance. For this reason, regular expressions should be cautiously applied.
Forming Regular Expressions
Regular expressions are rules that typically use the word “matches” in the expression. They can be
applied to match specific URL destinations or web servers. For example, the following regular
expression matches any pattern containing blocksite.com:
applied to match specific URL destinations or web servers. For example, the following regular
expression matches any pattern containing blocksite.com:
\.blocksite\.com
Consider the following regular expression example:
server[0-9]\.example\.com
In this example, server[
0-9
] matches
server0
,
server1
,
server2
, ...,
server9
in the domain
example.com
.