Wildcard usage methods. Is it available ?

Question

Hi All, 
 
 General built-in Web categories are not enough for creating special in-depth web policies for non english spoken countries. Other than english languages foreign ones has its unique words, sentences even letters affects the domain names accordingly. These variables creates hardness for preparing secure network through policies. Is there any option available to resolve this kind of requirements in the Sophos Xg devices? 
 How to use wildcards and/or asterisks in Sophos Firewall and/or Cloud Endpoint Protection? 
 Exanple usage; 
 
 To block any host for site.com use:
 *.site.com 
 Another example when streaming-media category is blocked, The settings below allow access to youtube. 
 *.youtube.com
*.ytimg.com
*.youtube.com/watch
*.googlevideo.com 
 Then following characters are considered separators:
 ./?&=;+ 
 
 Every substring that is separated by the characters listed above is considered a token. A token can be any number of ASCII characters that does not contain any separator character or *. For example, the following patterns are valid: 
 *.yahoo.com => Tokens are: "*", "yahoo" and "com" 
www.*.com => Tokens are: "www", "*" and "com"
www.yahoo.com/search=* => Tokens are: "www", "yahoo", "com", "search", "*" 
 
 Thanks all.

Michael Dunn · Answer

Please see this KB I wrote a number of years ago about wildcard support in custom categories and url groups. https://support.sophos.com/support/s/article/KB-000036901?language=en_US

LuCar Toni · Answer

That is somehow not entire true. The problem is the detail: 
 
 Let me recap the wildcard situation quickly: 
 Most likely people ask for wildcards for "web based traffic". --> I want to allow everything coming from Sophos.com to be allowed. So all sub domains etc. 
 You can approach this in SFOS differently. --> DPI (TLS Decryption), Web exception or Firewall Rule. 
 In UTM, the web proxy was the only approach. And the Web Proxy allows the same kind of regex like SFOS does. But in fact, the UTM does not allow wildcard in firewall for firewall traffic (So bypass the firewall with *.sophos.com). 
 
 In SFOS, you can simply create a firewall rule: LAN to WAN with *.sophos.com and allow everything. 
 
 But as you move on a domain level, it gets complicated to interact with a URL. So if you want to allow Sophos.com/*, you cannot do this for Decryption. The answer is simply: If the product decide to decrypt the traffic, you have to do this on the first packet. So the first packet is your only chance to decide whether you decrypt or leave the packet. The first packet does not include a GET sophos.com/test --> Infact it is a simple TLS Handshake packet. See: https://tls.ulfheim.net/ There is something called SNI, which can give you another chance to include a domain as well (Sophos.com for example). But not a URL.

emmosophos · Answer

Hello Can, 
 Thank you for contacting the Sophos Community. 
 The XG only supports the use of ASCII characters, supporting another type of Character would be a Feature Request. 
 There&rsquo;s however an RFC that goes on how to convert non-ASCII characters( RFC 3490 ) . 
 Regards,

Wildcard usage methods. Is it available ?

Top Replies