Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jammac
New Contributor III

URL filters and regexes

Do I have to include the delimiters!?
 
I.e. do I have to write
/fortinet/
or
fortinet
What if I'm matching a path?
Do I write
/fortinet\.com\/blub/
or can I change the delimiter which makes it more readable?
|fortinet\.com/blub|
or is it already escaping on its own somehow and the following would be enough? (it's not complaining)
fortinet\.com/blub
But then how would it recognize modifiers?

@CustomerService

 

 

- '/i' symbols means: makes the pattern case sensitive.
- For example: '/FORTINET/i' will not match with 'fortinet'.

 

 

 

 

In PCRE /i means make the match case-insensitive. So, the correct formulation would be:

- '/i' symbols means: makes the pattern case INsensitive.
- For example: '/FORTINET/i' will match with 'fortinet' as well as 'FORTINET'
- As well: '/fortinet/i' will match 'fortinet' as well as 'FORTINET'
5 REPLIES 5
Anthony_E
Community Manager
Community Manager

Hello jammac,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello jammac,

 

Could you please have a look into these KB articles:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-URL-Filter-expressions-for-the-FortiGate/t...

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-a-static-URL-filter-feature-to-allow...

 

Please, do not hesitate to indicate if it helped or not.

 

Regards,

Anthony-Fortinet Community Team.
gfleming
Staff
Staff

The linked document is 100% correct and accurate for Fortigate configurations. Fortinet is not producing documentation for general regex syntax. They are using their own. This makes sense as by default they want URL filters to be case insensitive (opposite behaviour to Linux systems). 

 

You only need to include the delimiters if you are adding modifiers like /i, etc. 

 

So you can have  URL filter regex that looks like "domainNAME\.com\/path" and this will match regex as per the linked document.

 

You can also have a filter like "/domainNAME\.com\/path/i" to make it case sensitive. (Opposite behaviour to linux).

 

Escapes are needed as per regex syntax. So if you want "." to be literal please escape it.

 

Cheers,
Graham
sw2090
Honored Contributor

Beware that the regexp parser in fortios seems to be partly buggy. I once had a case where I had a regexp in url filter of which even TAC stated it is correct but it still didn't work in url filter.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
jammac
New Contributor III

That is what I'd call a bug and not let them off the leash :beaming_face_with_smiling_eyes:

Labels
Top Kudoed Authors