String and Regex pattern match for URL filtering

TABLE OF CONTENTS

• Question:
  • Case1: URL strings match
  • Case2: Regex pattern match
  • Case3: Complex regex pattern match
  • Pattern Test:
  • URL-Category Cache Must be enabled

Question:

How to use url string and regex pattern match in URL filtering

Solution:

In Versa flexvnf, URL based traffic filtering can be done based on url string or pattern match.

To match based on url string, define the exact url. e.g. www.facebook.com.

Case1: URL strings match

In cases where url filtering is based on pattern, we need to use regex to match url string, e.g .*facebook.* for url string www.facebook.com.

IMP NOTE: We use standard regex pattern and it is recommended to defined strict pattern match, else it may cause similar url's strings to match defined patterns.

Case2: Regex pattern match

Case3: Complex regex pattern match (\w*\.)microsoftonline\.com(\/.*)"

NOTE:- Tested on 21.2.3

admin@SDWAN-Branch3-cli(config)% show orgs org-services Tenant1 url-filtering
user-defined-url-categories {
    URL_with_Blackslash {
        urls {
            patterns "(\w*\.)microsoftonline\.com(\/.*)" {
                reputation trustworthy;
            }
        }
    }

Pattern Test:

Open public site as regexr.com or regextester.com can be used to validate the url string match to defined regex pattern.

Example: Defined pattern .*kp.* to match all north korean domain but its matching non korean domain url strings.

Correct pattern .*(\.kp)($|\/.*) to match all and only north korean domains.

URL-Category Cache Must be enabled to the IP address resolution/match to happen

Also please make sure to configure DNS at the System Level as shown in the snippet below: