regexp end of string in Service Policy Rules

Unanswered Question
Jul 15th, 2010

I'm trying to set up a service policy that allows access to only a few websites, but I'm having trouble using regexp to match URLs.
The problem is that end of string ($) does not work on the ASA.


This expression works fine


ASA# test regex www.google.com \.google\.com
INFO: Regular expression match succeeded.


while this one fails.


ASA# test regex www.google.com \.google\.com$
INFO: Regular expression match failed.



According to this page, $ is not a supported metacharacter.
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/mpf.html#wp1102436


The problem with the first expression is that it will match any string that contains .google.com including, for example, www.google.com.thisisnotreallygoogle.net


I'm not an expert on regexp, is there any way to write the second expression that will work on the ASA or any other way to do the matching?

mirober2 Fri, 07/16/2010 - 07:18
User Badges: Cisco Employee

Hi Bjorn,


As you noticed, there is currently no effective way to do this with the ASA's regex matching. You would be better off using a more flexible URL blocking/filtering solution, like the CSC-SSM or Websense/Smartfilter.


As a side note, there is an enhancement bug filed (CSCsm89915) to add the "end of string" special character, which would let you accomplish this in the future:


http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm89915


Hope that helps.


-Mike
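
An added example, not part of the original thread and not ASA configuration: it compares the unanchored match from the question with an end-anchored match and a regex-free label-boundary check. Python's `re` module stands in for an engine that supports an end anchor; the function names and sample hosts are constructed for illustration.

```python
import re

def asa_style_match(pattern: str, host: str) -> bool:
    # Unanchored search: succeeds if the pattern occurs anywhere in the host,
    # like the first "test regex" in the question.
    return re.search(pattern, host) is not None

def end_anchored_match(pattern: str, host: str) -> bool:
    # The match the poster wanted. \Z is used instead of $ because Python's $
    # also matches just before a trailing newline.
    return re.search(rf"(?:{pattern})\Z", host) is not None

def host_in_domain(host: str, domain: str) -> bool:
    # Regex-free check on label boundaries: the host is the domain itself
    # or a subdomain of it. Case and a trailing root dot are normalised first.
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def audit(pattern: str, domain: str, hosts: list[str]) -> list[dict]:
    # For each host, record what each check decides so over-matching is visible.
    return [
        {
            "host": h,
            "unanchored": asa_style_match(pattern, h),
            "anchored": end_anchored_match(pattern, h),
            "label_check": host_in_domain(h, domain),
        }
        for h in hosts
    ]

# Constructed sample hosts; the second one is the lookalike from the question.
SAMPLE_HOSTS = [
    "www.google.com",
    "www.google.com.thisisnotreallygoogle.net",
    "WWW.GOOGLE.COM.",
    "notgoogle.com",
]

if __name__ == "__main__":
    for row in audit(r"\.google\.com", "google.com", SAMPLE_HOSTS):
        print(row)
```

Only the unanchored check accepts the lookalike host, and only the label-boundary check accepts the upper-case, dot-terminated form of the real host, which is why normalisation belongs in front of either regex.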
