Watchguard Firewall WebBlocker Regular Expression for Multiple Domains?
- by Eric
I'm pretty sure this is really a regex question, so you can skip to REGEX QUESTION if you want to skip the background.
Our primary firewall is a Watchguard X750e running Fireware XTM v11.2. We're using webblocker to block most of the categories, and I'm allowing needed sites as they arise. Some sites are simple to add as exceptions, like Pandora radio. That one is just a pattern matched exception with "padnora.com/" as the pattern. All traffic from anywhere on pandora.com is allowed.
I'm running into trouble on more sophisticated domains that reference content off of their base domains. We'll take GrooveShark as a sample. If you go to http://grooveshark.com/ and view page source, you'll see hrefs referring to gs-cdn.net as well as grooveshar.com. So adding a WebBlocker exception to grooveshark.com/ is not effective, and I have to add a second rule allowing gs-cdn.net/ as well.
I see that the WebBlocker allows regex rules, so what I'd like to do in situations like this is create a single regex rule that allows traffic to all the needed domains.
REGEX QUESTION:
I'd like to try a regex that matches grooveshark.com/ and gs-cdn.net/. If anybody can help me write that regex, I'd appreciate it.
Here is what is in the WatchGuard documentation from that section: Regular expression
Regular expression matches use a Perl-compatible regular expression to make a match. For example, .[onc][eor][gtm] matches .org, .net, .com, or any other three-letter combination of one letter from each bracket, in order. Be sure to drop the leading “http://” Supports wild cards used in shell script. For example, the expression “(www)?.watchguard.[com|org|net]” will match URL paths including www.watchguard.com, www.watchguard.net, and www.watchguard.org.
Thanks all!