Jump to:navigation, search


Syntax and usage of Regex expressions

Last adaptation to the version: 11.8


  • Article adaptation
  • Translation

Introductory remarks

Bei der Konfiguration der UTM werden für mehrere Anwendungen reguläre Ausdrücke (kurz Regex) benötigt. Ein Regex wird dazu verwendet, um eine Zeichenkette auf eine bestimmte Zusammensetzung zu prüfen. Im Folgenden wird die Zusammensetzung und die Anwendung von Regexen innerhalb der Securepoint UTM erklärt.


Within the Regex the following characters are used:

. Represents any character
[abc] matches all letters in brackets: a, b or c'
[^abc] matches all letters except: a, b or c
[a-z] matches all letters from: a to z
[a-zA-Z] matches all letters from: a to z or A to Z
^ Represents the beginning of a line.
$ Represents the end of a line.
\s Represents a blank character.
\ disables the Regex function of the next character and "searches" for the following character
\r\n is a Return or a Linefeed (Windows new line)
* repeats the previous character any number of times - also 0 times
+ repeats the previous character any number of times - at least 1 time
{1} Represents the previous character, 1 time
{2,4} Represents the previous character, 2 to 4 times sequentially.
{3,} Represents the previous character, at least 3 times
[^:] Represents everything but a colon


Example 1

In the example, the entered value of a text field is checked. The house number is to be entered in the text field. Due to the previously defined city, only house numbers from 1 to 9 and address additions from a to f remain.
The regex for this case would look like this:

If the address addition, a-f, is capitalized, this regex would not match. The regex should look like this so that upper case letters are captured:

To allow upper AND lower case, the regex should look like this:

Example 2

In the example, the regex should match all contiguous words ending in point.

A Regex that matches all of these words looks like this:

In practice, the following would also be covered by the Regex:
That's not a point.

To prevent this behavior, the following regex would have to be used:

Example 3 - URL-Regex

In the URL example, you want to match on www.securepoint.de .
The following regex would be correct:

The two dots within the URL usually stand for any character in a regex. Using the example of the URL, however, the match should be made to exactly this point and not to any arbitrary character. As mentioned above, the backslash \' overrides the regex function of the next character. So you can also match to the point. This is called escaping a character.

Usage of Regex

HTTP proxy: virus scanner

If, for example, the URL http://download.windowsupdate.com is to be included in the whitelist of the virus scanner, it is very important that exactly this URL is finally included in the whitelist.

So the matching regex is:
Alternatively, all protocols can be matched. This can be found in the predefined exceptions of the virus scanner:
Example: ^[^:]*://download\.windowsupdate\.com/

A collection of different virus scanner Regex expressions can be found in emotion].

HTTP proxy: authentication exceptions

The protocol does not have to be specified in the proxy's authentication exceptions. Here the URL without protocol is simply specified as Regex:
Example: www\.securepoint\.de

HTTP-proxy: SSL-interception

The SSL interception uses the same principle as the authentication exceptions. The URL is specified as Regex without a protocol.
Example: www\.securepoint\.de oder .*\.securepoint\.de