Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Configure Content Engine rules to send requests to Trend Micro VirusWall

Would like some guidance on how to correctly setup my Cisco Content engine with rules to divert HTTP requests containing references to certain file types (.exe, .scr ,etc) to Trend Micro VirusWall scanner proxy.

We do not want ALL HTTP requests to go to the proxy.

Brad Hanson

HealthPartners

  • Application Networking
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Configure Content Engine rules to send requests to Trend Mic

Brad,

the commands are :

rule use-proxy url-regex

rule enable

ie:

rule use-proxy 1.1.1.1 8080 url-regex "\.[exe|gif|jpg]^"

Gilles.

4 REPLIES
Cisco Employee

Re: Configure Content Engine rules to send requests to Trend Mic

Brad,

the commands are :

rule use-proxy url-regex

rule enable

ie:

rule use-proxy 1.1.1.1 8080 url-regex "\.[exe|gif|jpg]^"

Gilles.

New Member

Re: Configure Content Engine rules to send requests to Trend Mic

hey thanks. this almost does it...

the redirect to the trend micro antivirus check seems to be working like a champ!

i'm wondering about the syntax of your sample rule. I am not the best at regex but it seems that the caret (^) is a start of string anchor and we are looking for end of string match?

I have one that looks like:

rule use proxy 1.1.1.1 5000 url-regex ".+\..+/.+\.(doc|exe|zip|com)$"

to scan anything, dot, anything, slash, anything, and ending with dot and any of doc, exe, zip or com.

wondering if i don't do this that a domain reference ending in dot com would end up with a rule match from time to time.

thanks!!!

brad hanson

healthpartners

Cisco Employee

Re: Configure Content Engine rules to send requests to Trend Mic

Brad,

you're correct - the end of line is '$'.

Your regexp looks good.

you can use the command 'sho statistic rule all' to see if there is any hits for this rule.

Gilles.

New Member

Re: Configure Content Engine rules to send requests to Trend Mic

well, now we have to reexamine how this works.. AFTER putting a protocol monitor on the net to watch what traffic was being redirected by the rule, it appears that a simple regular expression isn't going to be able to determine what to send over to the proxy for virus scanning.

the URL string contains the full URL, which may include additional data.

the string:

http://www.site.com/myfile.html?a=www.site.com

will pass if we are looking for files ending in a .com, for example...

I'm looking for an expression that will determine if the document being requested ends with certain extensions, such as com/exe/bin/scr/dll/ etc.

Any ideas on the string that would actually allow this? thanks!!!!

135
Views
0
Helpful
4
Replies