Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

regexp end of string in Service Policy Rules

I'm trying to set up a service policy that allow access to only a few websites, but I'm having trouble using regexp to match URLs.
The problem is that end of string ($) does not work on the ASA.

This expression works fine

ASA# test regex www.google.com \.google\.com
INFO: Regular expression match succeeded.

while this one fail.

ASA# test regex www.google.com \.google\.com$
INFO: Regular expression match failed.


According to this page, $ is not a supported metacharacter.
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/mpf.html#wp1102436

The problem with the first expression is that it will match any string that contains .google.com including, for example, www.google.com.thisisnotreallygoogle.net

I'm not an expert on regexp, is there any way to write the second expression that will work on the ASA or any other way to do the matching?

1 REPLY
Cisco Employee

Re: regexp end of string in Service Policy Rules

Hi Bjorn,

As you noticed, there is currently no effective way to do this with the ASA's regex matching. You would be better off using a more flexible URL blocking/filtering solution, like the CSC-SSM or Websense/Smartfilter.

As a side note, there is an enhancement bug filed  (CSCsm89915) to add the "end of string" special character, which would let you accomplish this in the future:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsm89915

Hope that helps.

-Mike

617
Views
0
Helpful
1
Replies