- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
URL filter regexp
Solved! Go to Solution.
- Labels:
-
5.6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
right..
Just checked with wildcard option and *.ru/ and it works.
I'm on 6.0.3..
Site that you mentioned works "www.rum.se" and went trough list here on few and all blocked.
try..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm pretty sure this is an intended design - I know it was/is pointed out in the old 4.0.x documentation, that the fgt will insert a \ prefix in url expression before a \ character - you just don't see it in the GUI. Perhaps your issue is elsewhere - can you provide more info?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have two fortigate, one running 5.4.8 and one running 5.6.4.
The first one (FortiOS 5.4.8) have a VDOM in proxy mode and I use the IPv4 Policy to apply a Webfilter + static URL filter to the traffic. The URL filter have a policy \.ru\b Block Enable and it works as intended blocking the top domain ru.
The second one (FortiOS 5.6.4) have no VDOMs, runs in proxy mode and I use the Explicit Proxy Policy to apply a Webfilter + static URL. The URL filter have a policy \.ru\b Block Enable and it does not work, I have tested many different regexp patterns. The interesting thing though is that using exactly the same regexp as above gives a different result e.g. no match for www.google.ru .and other .ru sites
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If explicit proxy is setup on the second fgt, are you sure it is working properly? Have you forced (manual set a proxy server setting) on a client browser?
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, everything works correctly; AV, Webfilter, App-filter, Deep SSL-inspection - no problems.
I use PAC file and have no problem what so ever with that. Forced proxy setting make no difference.
So the logical conclusion is that handling of regular expressions must have changed. I can test the two systems side by side and get different results from the same URL filter regexp.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I know it's a long shot but can you try only with .ru
so create new url filter and set to regex + block and enter only .ru and try.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That regexp surely blocks all .ru sites, but it also blocks
sites like www.rum.se and I dont want that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
right..
Just checked with wildcard option and *.ru/ and it works.
I'm on 6.0.3..
Site that you mentioned works "www.rum.se" and went trough list here on few and all blocked.
try..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, the wildcard option solves this particular use case.
I am still curious as to why the very same regexp gives different result in the two Fortigates though.
I have opened a TAC-case with this question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi figge,
glad that this helps..
Do you have same fw version on both?