09-04-2013 09:53 AM
Hello,
My work has a Cisco Ironport S370 running Async OS 7.5.
I am trying to teach myself the Ironport Regex and having no luck.
We want to redirect users/students going to a website used for testing.
An example of the website is (learning.com isn't the actual site, just an example)
https://server32.learning.com/298555/
https://server32.learning.com/298556/
https://server32.learning.com/298557/
We want to be able to redirect all 3 sites to the same site but with a different number at the end
https://server32.learning.com/298575/
So far my regex looks like this
server[0-9]*\.learning\.com/298555
Any help would be very much appreciated
09-04-2013 09:24 PM
David,
The Cisco Ironport WSA's specifically use Regular Expressions Flex.
First off, the WSA will only manipulate HTTP. So if the sites in question are indeed in HTTPS, you will need to make sure it gets Decrypted in a Decryption Policy. This can get tricky depending on how you are deployed. I will assume WCCP since that seems to be the most common to me. In a Transparent deployment, the WSA will not know the URL that the client is trying access until it is decrypted. To force a decryption for that specific site(s), you will need to get the Common Name of the SSL Server Certificate. There are many ways to get it, but if you have access to OpenSSL, you can use the following command:
$ openssl s_client -connect "server32.learning.com:443"
This will complete the SSL handshake and you should see the CN some where in the text message. In your example above, I want to guess that the CN could be *.learning.com. You will need to place learning.com, and .learning.com into a Custom URL Category, and force the traffic to be Decrypted.
How many sites are we referring to? You won't be able to make a RegEx that will catch server32.learning.com/12345, and have the WSA automatically detect 12345, and redirect it to teaching.com/12345. Each one will need to have its own regular expression. So in your example above, this is what I'd do:
In the Access Policies, have the RegEx server32.learning.com/298555, and Redirect it to server32.teaching.com/298555. Depending on how many you need to do, you're going to need 1 single URL category for each. Excessive URL categories are known to cause performance problems.
Are you trying to have 1 single RegEx do the job? If so, the destination (redirected) URL will not have any correlation with the URL being accessed. The WSA does not have the ability to pull information out of the original URL, and append it to a destined redirection. Was this what you are trying to do?
This issue can get quite sticky. I'd recommend you open a TAC case and speak to an engineer regarding your intentions.
-Vance
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide