Syntax and usage of Regex expressions
Last adaptation to the version: 11.8
- Article adaptation
Bei der Konfiguration der UTM werden für mehrere Anwendungen reguläre Ausdrücke (kurz Regex) benötigt. Ein Regex wird dazu verwendet, um eine Zeichenkette auf eine bestimmte Zusammensetzung zu prüfen. Im Folgenden wird die Zusammensetzung und die Anwendung von Regexen innerhalb der Securepoint UTM erklärt.
Within the Regex the following characters are used:
||Represents any character|
||matches all letters in brackets: a, b or c'|
||matches all letters except: a, b or c|
||matches all letters from: a to z|
||matches all letters from: a to z or A to Z|
||Represents the beginning of a line.|
||Represents the end of a line.|
||Represents a blank character.|
||disables the Regex function of the next character and "searches" for the following character|
||is a Return or a Linefeed (Windows new line)|
||repeats the previous character any number of times - also 0 times|
||repeats the previous character any number of times - at least 1 time|
||Represents the previous character, 1 time|
||Represents the previous character, 2 to 4 times sequentially.|
||Represents the previous character, at least 3 times|
||Represents everything but a colon|
In the example, the entered value of a text field is checked. The house number is to be entered in the text field. Due to the previously defined city, only house numbers from 1 to 9 and address additions from a to f remain.
The regex for this case would look like this:
If the address addition, a-f, is capitalized, this regex would not match. The regex should look like this so that upper case letters are captured:
To allow upper AND lower case, the regex should look like this:
In the example, the regex should match all contiguous words ending in point.
A Regex that matches all of these words looks like this:
In practice, the following would also be covered by the Regex:
That's not a point.
To prevent this behavior, the following regex would have to be used:
Example 3 - URL-Regex
In the URL example, you want to match on www.securepoint.de .
The following regex would be correct:
The two dots within the URL usually stand for any character in a regex. Using the example of the URL, however, the match should be made to exactly this point and not to any arbitrary character. As mentioned above, the backslash
\' overrides the regex function of the next character. So you can also match to the point. This is called escaping a character.
Usage of Regex
HTTP proxy: virus scanner
If, for example, the URL http://download.windowsupdate.com is to be included in the whitelist of the virus scanner, it is very important that exactly this URL is finally included in the whitelist.
So the matching regex is:
Alternatively, all protocols can be matched. This can be found in the predefined exceptions of the virus scanner:
A collection of different virus scanner Regex expressions can be found in emotion].
HTTP proxy: authentication exceptions
The protocol does not have to be specified in the proxy's authentication exceptions. Here the URL without protocol is simply specified as Regex:
The SSL interception uses the same principle as the authentication exceptions. The URL is specified as Regex without a protocol.