ProxySG & Advanced Secure Gateway


 How should I write a URL in the Destination of a VPM rule with a wildcard?

Yoshinori Kobayashi posted Mar 01, 2021 05:25 AM
Dear Sirs,

I want a policy to hit on one URL with a wildcard.

<< Example >>
I want to hit the following URLs with one policy rule.

https://www.abc.com
https://111.abc.com
https://222.abc.com
https://333.abc.com

I wrote [ *.abc.com ] as the policy rule to hit the above URLs.
But the expected operation cannot be achieved.
I would like to know how I should write the URL in the Destination of a policy rule with VPM.

Note: there is no SSL detection on SSL traffic.
Paul Riddington
Hello,

You can't use a wildcard in a standard request URL type object, only as part of a regex expression, and you also can't specify https:// without SSL interception. I am not sure what deployment method you are using (explicit or transparent), but with explicit you can simply match by domain abc.com, or by the actual host names (www.abc.com and so on). The solution for a transparent deployment depends on how you have the https service configured.

Regards
Paul
Sakkarin Pichetskul
Hi Yoshinori Kobayashi,

On the ProxySG and ASG you can use the CPL below to create a policy that works the same as a wildcard domain.

define condition Domain_Wildcard
url.domain=abc.com
end
;;;;;;same define condition;;;;;;;

define url.domain condition Domain_Wildcard
abc.com
end
;;;;;;same define condition;;;;;;;

<proxy>
condition=Domain_Wildcard allow

This is because the ProxySG defines each part of the URL as below.

Example,

https://community.broadcom.com/symantecenterprise/communities/community-home/index.php

" https:// " is a schema/protocol
" community " is a subdomain
" broadcom.com " is a domain
" /symantecenterprise/communities/community-home/ " is a directory path
" .php " is an extension file type

So, if you define the url.domain object and input the value " abc.com ", the ProxySG will treat it the same as " *.abc.com ".
In the VPM object, use the request URL object and input only the domain in simple match.

Thank you and BR
Sakkarin Pichetskul
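
As an added illustration (not part of the post above and not ProxySG code), this Python example models the matching the answer describes so a rule can be checked against sample hosts before deployment. It assumes a domain value covers the host itself and any subdomain, compared on DNS label boundaries; the function names and sample URLs are constructed.

```python
from posixpath import splitext
from urllib.parse import urlsplit


def url_parts(url):
    """Split a URL into the parts named in the answer above."""
    u = urlsplit(url)
    return {
        "scheme": u.scheme,
        "host": (u.hostname or "").rstrip("."),  # lower-cased by urlsplit
        "path": u.path,
        "extension": splitext(u.path)[1],
    }


def domain_matches(host, domain):
    """True if host is the domain itself or a subdomain of it.

    Assumed semantics: comparison on DNS label boundaries, so 'abc.com'
    covers 'www.abc.com' but not 'notabc.com' or 'abc.com.example.net'.
    """
    host = host.lower().rstrip(".")
    domain = domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)


def rule_hits(url, domain="abc.com"):
    """Would a domain-only rule for `domain` cover this request URL?"""
    return domain_matches(url_parts(url)["host"], domain)


# Constructed sample requests: the four from the question plus look-alikes
# that a rule for abc.com should NOT cover.
SAMPLES = [
    "https://www.abc.com/",
    "https://111.abc.com/",
    "https://222.abc.com/",
    "https://333.abc.com/",
    "https://abc.com/",
    "https://notabc.com/",
    "https://abc.com.example.net/",
    "https://example.net/abc.com/index.php",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{'HIT ' if rule_hits(url) else 'MISS'} {url}")
```
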
Yoshinori Kobayashi
Hi Paul and Sakkarin,

Thank you for the quick response.
I understand that SSL intercept is needed to handle https://.
And thank you for all the advice.
I will try again based on your advice.


Regards,
Y.Kobayashi