ck8881
Staff

FortiProxy - Limitation character in host regex content

Hi guys,

Does anyone know any way to exactly match the URL below in FortiProxy?

I tried to apply it in the proxy address host regex. After entering it and clicking OK, I found the last few words were lost, which seems like a character limitation. May I know if there is any character limit for it? If yes, could anyone suggest an idea or a way to do an exact match? The scenario requires exactly matching the URL in order for FPX to unblock it.

Original URL - https://sites.google.com/view/windowactivation/home?2Fdefault.aspx&claims=%7B%22id_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&client-request-id=8673659f-2085-9000-743e-1c7653e2c219&sso_reload=true 

Regex use in FPX - ^https://sites\.google\.com/view/windowactivation/home?2Fdefault\.aspx&claims=%7B%22id_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a&client-request-id=8673659f-2085-9000-743e-1c7653e2c219&sso_reload=true$

I would appreciate it if anyone can share ideas.

ede_pfau
SuperUser

I don't know which kind of Regex the FPX uses, but if you escape special characters in the regex, then you need to escape them all:

special: ^$.*?+[](){}|

I might have missed one or the other. When in doubt, escape it.

 

From your example, I see that '?' isn't escaped, thus stands for 'any character'. The URL definitely needs the question mark to work.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
ck8881

Hi Ede,

 

Thanks for your response.

 

The current host-regex limit is 256 and the regex URL above is longer than that. Do you have an idea or method that can achieve an exact match of the URL? A redirect or some other method in FPX?

 

Thanks

ede_pfau
SuperUser

You're right, it's 280/281 chars long if escaped. IMHO the only way is to replace parts of it with placeholders '.*' to make it fit into 256 chars. The cobrandid and client-request-id seem to be fairly unique, so they are needed as exact match. Messed up a bit.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
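The escaping and shortening discussed in the replies above, as an added example that is not part of the thread and not Fortinet code. It assumes Python's `re` as a stand-in for the FPX regex engine (the thread does not say which dialect FPX uses), the function names are hypothetical, and it uses `[^&]*` rather than `.*` so the wildcard cannot run past the parameter it replaces.

```python
import re

# Limit and metacharacter list come from the thread. The FPX regex dialect is
# an assumption: Python's re is used here only to test the patterns offline.
HOST_REGEX_LIMIT = 256
SPECIALS = set("^$.*?+[](){}|\\")

URL = ("https://sites.google.com/view/windowactivation/home?2Fdefault.aspx"
       "&claims=%7B%22id_token%22:%7B%22xms_cc%22:%7B%22values%22:%5B%22CP1"
       "%22%5D%7D%7D%7D&wsucxt=1"
       "&cobrandid=11bd8083-87e0-41b5-bb78-0bc43c8a8e8a"
       "&client-request-id=8673659f-2085-9000-743e-1c7653e2c219"
       "&sso_reload=true")


def escape(text):
    """Backslash-escape every regex metacharacter so it matches literally."""
    return "".join("\\" + c if c in SPECIALS else c for c in text)


def exact_regex(url):
    """Anchored pattern that matches only this URL."""
    return "^" + escape(url) + "$"


def shortened_regex(url, wildcard_params, limit=HOST_REGEX_LIMIT):
    """Wildcard the values of the named query parameters, keep the rest exact.

    Every wildcard widens what an allow rule lets through, so only parameters
    that do not identify the page should be listed. Raises if still too long.
    """
    base, _, query = url.partition("?")
    parts = []
    for field in query.split("&"):
        name, sep, _value = field.partition("=")
        if sep and name in wildcard_params:
            parts.append(escape(name) + "=[^&]*")
        else:
            parts.append(escape(field))
    pattern = "^" + escape(base) + "\\?" + "&".join(parts) + "$"
    if len(pattern) > limit:
        raise ValueError(f"pattern is {len(pattern)} chars, limit is {limit}")
    return pattern


# The regex as posted: dots escaped, '?' left bare. In Python's re a bare '?'
# makes the preceding 'e' optional instead of matching a literal '?'.
POSTED = exact_regex(URL).replace("\\?", "?")
```

Calling `shortened_regex(URL, {"claims"})` keeps `cobrandid` and `client-request-id` as exact matches and fits the 256-character limit; test the result on the device, since its regex engine may differ from Python's.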
ck8881

Thanks. I got your point. Unfortunately, the customer does not accept the solution.

 

One more thing, do you have any idea why matching does not work for the below? If you have any clue, please share it with me.

 

Thanks Wilson,

Last inquiry - I tried splitting the URL with a simple URL like below, but it did not work. Do you have a clue about it?

Example

edit "cisco.com"
set type fqdn
set fqdn "cisco.com"

edit "*.cisco.com*"
set host "cisco.com"
set path "/c/en_sg/index.html"

I can't access the cisco.com/c/en_sg/index.html website and it shows "has been blocked by a policy restriction."

So I changed to another way and it works with the below.


edit "*.cisco.com*"
set host "cisco.com"
set path "/c*"

I can access cisco.com/c/en_sg/index.html, but it seems weird to me. Or is there some requirement for the URL path regex? I tried other URLs like Google and saw the same behaviour.

Thanks

 

 
