figge
New Member
January 23, 2019
Solved

URL filter regexp

Has the way the FortiGate interprets regular expressions changed between FortiOS release 5.4 and 5.6? \.ru\b worked in 5.4 to match all domains under the top domain .ru; it does not work in 5.6.4. If I add \.ru\b in the Static URL filter via the GUI, the regexp as shown in the CLI is \\.ru\\b and it does not match.
Best answer by baggins

right..

 

Just checked with wildcard option and *.ru/ and it works.

I'm on 6.0.3..

The site that you mentioned, "www.rum.se", works, and I went through the list here on a few and all were blocked.

try..

1 reply

Dave_Hall
New Member
January 23, 2019

I'm pretty sure this is an intended design - I know it was/is pointed out in the old 4.0.x documentation, that the fgt will insert a \ prefix in url expression before a \ character - you just don't see it in the GUI.  Perhaps your issue is elsewhere - can you provide more info?

 

Edit: see https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-security-profiles/Other_Profile_Considerations/Using%20wildcards%20and%20Perl%20regular%20expressions.htm?Highlight=expression

figge (Author)
New Member
January 24, 2019

I have two FortiGates, one running 5.4.8 and one running 5.6.4.

The first one (FortiOS 5.4.8) has a VDOM in proxy mode and I use the IPv4 Policy to apply a Webfilter + static URL filter to the traffic. The URL filter has a policy \.ru\b Block Enable and it works as intended, blocking the top domain ru.

The second one (FortiOS 5.6.4) has no VDOMs, runs in proxy mode and I use the Explicit Proxy Policy to apply a Webfilter + static URL. The URL filter has a policy \.ru\b Block Enable and it does not work; I have tested many different regexp patterns. The interesting thing though is that using exactly the same regexp as above gives a different result, e.g. no match for www.google.ru and other .ru sites.

Dave_Hall
New Member
January 24, 2019

If explicit proxy is set up on the second fgt, are you sure it is working properly?  Have you forced (manually set a proxy server setting) on a client browser?
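
Added example, not part of any post in this thread: Python's re module stands in for the FortiGate's Perl-style regex engine (an assumption) and shows what \.ru\b matches, what the CLI form \\.ru\\b would match if it were compiled literally, and a host-only check. The sample URLs other than www.google.ru and www.rum.se, the assumption that the filter sees host plus path, and HOST_TLD_PATTERN are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Pattern as typed in the GUI in the thread.
GUI_PATTERN = r"\.ru\b"
# Text as the CLI displays it. Dave_Hall's reply says the extra backslash is
# inserted by design; compiled literally it would mean
# "backslash, any character, 'ru', backslash, 'b'".
CLI_DISPLAY = r"\\.ru\\b"
# Constructed alternative (not from the thread): tested against the hostname
# only, so "ru" must be the final DNS label.
HOST_TLD_PATTERN = r"(^|\.)ru\.?$"

# Constructed samples in host/path form.
SAMPLES = [
    "www.google.ru/",                    # from the thread
    "www.rum.se/",                       # from the thread
    "www.example.com/files/report.ru",   # ".ru" only in the path
    "cdn.ru.example.com/",               # "ru" is a label, not the TLD
    "www.example.ru:8080/index.html",    # explicit port
]

def url_matches(pattern, url):
    """Unanchored search over the whole host/path string."""
    return re.search(pattern, url, re.IGNORECASE) is not None

def host_is_under_ru(url):
    """Extract the hostname first, then test only its last label."""
    host = urlsplit("//" + url).hostname or ""
    return re.search(HOST_TLD_PATTERN, host, re.IGNORECASE) is not None

def compare(samples=SAMPLES):
    """Return (url, gui_match, cli_literal_match, host_only_match) rows."""
    return [
        (u, url_matches(GUI_PATTERN, u), url_matches(CLI_DISPLAY, u),
         host_is_under_ru(u))
        for u in samples
    ]

if __name__ == "__main__":
    print(f"{'url':34} gui    cli    host-only")
    for url, gui, cli, host in compare():
        print(f"{url:34} {gui!s:6} {cli!s:6} {host!s}")
```

When testing a block rule like this one, include a near-miss such as www.rum.se and a URL with .ru outside the hostname, so both under-blocking and over-blocking show up before the filter goes live.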