Ironport - URL redirect

david.gillett
Level 1

Hello,

My work has a Cisco Ironport S370 running Async OS 7.5.

I am trying to teach myself the Ironport Regex and having no luck.

We want to redirect users/students going to a website used for testing.

An example of the website is (learning.com isn't the actual site, just an example)

https://server32.learning.com/298555/

https://server32.learning.com/298556/

https://server32.learning.com/298557/

We want to be able to redirect all 3 sites to the same site but with a different number at the end

https://server32.learning.com/298575/

So far my regex looks like this

server[0-9]*\.learning\.com/298555

Any help would be very much appreciated

1 Reply

Vance Kwan
Cisco Employee

David,

The Cisco Ironport WSAs specifically use Regular Expressions Flex.

First off, the WSA will only manipulate HTTP. So if the sites in question are indeed in HTTPS, you will need to make sure it gets Decrypted in a Decryption Policy. This can get tricky depending on how you are deployed. I will assume WCCP since that seems to be the most common to me. In a Transparent deployment, the WSA will not know the URL that the client is trying to access until it is decrypted. To force a decryption for that specific site(s), you will need to get the Common Name of the SSL Server Certificate. There are many ways to get it, but if you have access to OpenSSL, you can use the following command:

$ openssl s_client -connect "server32.learning.com:443"

This will complete the SSL handshake and you should see the CN somewhere in the text message. In your example above, I want to guess that the CN could be *.learning.com. You will need to place learning.com, and .learning.com into a Custom URL Category, and force the traffic to be Decrypted.

How many sites are we referring to?  You won't be able to make a RegEx that will catch server32.learning.com/12345, and have the WSA automatically detect 12345, and redirect it to teaching.com/12345.  Each one will need to have its own regular expression.  So in your example above, this is what I'd do:

In the Access Policies, have the RegEx server32.learning.com/298555, and Redirect it to server32.teaching.com/298555.  Depending on how many you need to do, you're going to need 1 single URL category for each.  Excessive URL categories are known to cause performance problems.

Are you trying to have 1 single RegEx do the job?  If so, the destination (redirected) URL will not have any correlation with the URL being accessed.  The WSA does not have the ability to pull information out of the original URL, and append it to a destined redirection.  Was this what you are trying to do?

This issue can get quite sticky.  I'd recommend you open a TAC case and speak to an engineer regarding your intentions.

-Vance
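
Added example, not part of either post and not Cisco code: a small Python harness that checks which URLs each pattern from the thread would put into a redirect category, next to a tightened pattern covering the three source IDs. It assumes the pattern is searched unanchored against the full URL and uses Python's re module as a stand-in for flex syntax (escaped dot and character classes behave the same in both); the sample URLs and the TIGHTENED pattern are constructed for illustration.

```python
import re

# Constructed sample URLs; learning.com is the thread's placeholder domain.
INTENDED = [
    "https://server32.learning.com/298555/",
    "https://server32.learning.com/298556/",
    "https://server32.learning.com/298557/",
]
MUST_NOT_MATCH = [
    # Redirect target: if it matched, it would be redirected to itself.
    "https://server32.learning.com/298575/",
    # Longer ID that merely starts with 298555.
    "https://server32.learning.com/2985551/",
    # Different host: an unescaped '.' in a pattern matches the '-'.
    "https://server32-learning.com/298555/",
]

QUESTION_RE = r"server[0-9]*\.learning\.com/298555"    # from the question
REPLY_RE = r"server32.learning.com/298555"             # as written in the reply
TIGHTENED = r"server32\.learning\.com/29855[5-7]/"     # constructed here


def audit(pattern):
    """Return the intended URLs a pattern misses and the ones it over-matches."""
    rx = re.compile(pattern)
    return {
        "missed": [u for u in INTENDED if not rx.search(u)],
        "unintended": [u for u in MUST_NOT_MATCH if rx.search(u)],
    }


if __name__ == "__main__":
    for name, pat in [("question", QUESTION_RE),
                      ("reply", REPLY_RE),
                      ("tightened", TIGHTENED)]:
        result = audit(pat)
        print(f"{name:10} {pat}")
        print(f"  missed:     {result['missed']}")
        print(f"  unintended: {result['unintended']}")
```

Escaping the dots and ending the pattern on the trailing slash is what removes the over-matches; the [5-7] class lets one category cover all three source IDs, which works here because they share one fixed destination.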