regexp end of string in Service Policy Rules

Bjorn Lindstrom
Level 1

I'm trying to set up a service policy that allows access to only a few websites, but I'm having trouble using regexp to match URLs.
The problem is that end of string ($) does not work on the ASA.

This expression works fine

ASA# test regex www.google.com \.google\.com
INFO: Regular expression match succeeded.

while this one fails.

ASA# test regex www.google.com \.google\.com$
INFO: Regular expression match failed.


According to this page, $ is not a supported metacharacter.
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/mpf.html#wp1102436

The problem with the first expression is that it will match any string that contains .google.com including, for example, www.google.com.thisisnotreallygoogle.net

I'm not an expert on regexp, is there any way to write the second expression that will work on the ASA or any other way to do the matching?

1 Reply

mirober2
Cisco Employee

Hi Bjorn,

As you noticed, there is currently no effective way to do this with the ASA's regex matching. You would be better off using a more flexible URL blocking/filtering solution, like the CSC-SSM or Websense/Smartfilter.

As a side note, there is an enhancement bug filed (CSCsm89915) to add the "end of string" special character, which would let you accomplish this in the future:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm89915

Hope that helps.

-Mike
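
Added example (not part of the original posts, and not ASA configuration): a Python sketch of how a filtering layer that can anchor its match would treat the hosts discussed in this thread, comparing the unanchored pattern, the `$`-anchored pattern, and a comparison on whole DNS labels. It goes slightly beyond the question by also covering port, case, and trailing-dot forms; the function names, the allow-list, and the sample hosts are constructed for illustration.

```python
import re

# The two patterns from the question. Python's regex engine supports "$";
# the ASA's does not.
UNANCHORED = re.compile(r"\.google\.com")
ANCHORED = re.compile(r"\.google\.com$")

ALLOWED_DOMAINS = {"google.com"}  # constructed allow-list


def normalize_host(host_header):
    """Lower-case a Host value and drop the port and trailing root dot.
    IPv6 literals are not handled (assumption: names only)."""
    host = host_header.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def host_allowed(host_header, allowed=ALLOWED_DOMAINS):
    """True if the host equals an allowed domain or is a subdomain of one,
    compared on whole DNS labels from the right."""
    labels = normalize_host(host_header).split(".")
    return any(".".join(labels[i:]) in allowed for i in range(len(labels)))


def compare(hosts):
    """Return (host, unanchored, anchored, label_suffix) for each host."""
    return [
        (h, bool(UNANCHORED.search(h)), bool(ANCHORED.search(h)), host_allowed(h))
        for h in hosts
    ]


# Constructed sample hosts; the second is the lookalike from the question.
SAMPLES = [
    "www.google.com",
    "www.google.com.thisisnotreallygoogle.net",
    "WWW.GOOGLE.COM:443",
    "www.google.com.",
    "google.com",
    "notgoogle.com",
]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print("%-42s unanchored=%-5s anchored=%-5s labels=%s" % row)
```

The anchored regex rejects the lookalike host but also rejects the upper-case, port-suffixed, trailing-dot, and bare-domain forms, which is why the label comparison normalizes the host first.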
