Created on 01-23-2008 09:07 AM
type=virus subtype=filename pri=warning dst=204.160.99.125 dport=80 dst_int=" wan1" service=" http" status=blocked file=" windowsxp-kb892130-enu-x86_eebc1bd82ff4bc7b8eb46773704ffd5f8eef14aa.exe" url=" http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/windowsxp-kb892130-enu-x86_eebc1bd82ff4bc7b8eb46773704ffd5" ref=" n/a" msg=" File is blocked."As you can see the AV is blocking .EXE files. I have exempted in URL filter of the same profile the following site:
/\b.*windowsupdate\.com(.ar)*/iand still doesnt allow downloading from that site If I add an entry in simple mode (not regex) of " windowsupdate.com" it goes OK How should I type it in regex? Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1 adobe.com 2 fpdownload.macromedia.com/get/flashplayer/current/install_flash_player.exe 3 mozilla.com 4 mozilla.org 5 office.microsoft.com 6 update.microsoft.com 7 windowsupdate.com 8 windowsupdate.microsoft.comI then made sure that every protection profile was allowed access to these sites (under Fortiguard Web Filtering > local ratings > ' Windows Updates' ). Only the last three are required for Windows Updates. The rest are for other software my organization deems useful... These regexs will do the same thing: /download\.windowsupdate\.com.*/ /update\.microsoft\.com.*/ /windowsupdate\.com.*/
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Created on 01-23-2008 12:05 PM
regex /\b.*freelotto.*/i doesnt match simple freelotto.comsimple freelotto.com matches regex /\bfreelotto\.(com|org|net|au|etc.)/i or better yet /\bfreelotto\..*/i
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Created on 01-24-2008 03:15 AM
Even if I dont to do of it a regex forum, I' m still a little disappointed because not even the expression " /freelotto\.(com|net)/i" works as expected (try it yourself) Beyond this little sample, I would like to ask how to set metacharacters in the beginning of the expression, say how to include all possible variants of a single string. ie. not only freelotto.com, but also winfreelotto.com playfreelotto.net freelottoonline.com" /freelotto\.(com|net)/i" will not work if anything follows the ' .com|.net' . A ' .*' combination would have to follow to allow anything else. Same for the beginning, another ' .*' would need to be there. Problem here is if someone types in something like www.freeproxy.net/(bypass site here)?freelotto.com, the url would pass, and they would get to the proxy site. Not sure if the reply would still pass, but it' s a start. A safer beginning would be ' .{5}' , which would indicate only 5 characters before, not any number. Could also be {min, max}.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Created on 01-24-2008 08:36 AM
" /freelotto\.(com|net)/i" will not work if anything follows the ' .com|.net' . A ' .*' combination would have to follow to allow anything else. Same for the beginning, another ' .*' would need to be there.That' s precisely what I am trying to say When i set the regex " /\b.*freelotto.*/i" none of the above match positively
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Created on 01-28-2008 12:07 PM
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1713 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.