Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 5136 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to setup a regex rule if I want to block all websites for x?

grammatonclerick
I want to block all websites with specific before and after:
i.e.

This is the main root 
  m8.za.2mdn.net 
 the most common root of the addy.

now I want to block 
 1.m8.za.2mdn.net 


This thread was automatically locked due to age.
  • 0
    I'm not sure I understand you correctly, probably you could rephrase your question in English [;)]

    Anyways, for a Regex that probably or not matches your requirement, try: 
    [A-Za-z0-9]*\.m8\.za\.2mdn\.net


    If you care for an explanation: 
    https://www.regex101.com/r/aH4dB5/1

    I want to block all websites with specific before and after:
    i.e.

    This is the main root 
      m8.za.2mdn.net 
     the most common root of the addy.

    now I want to block 
     1.m8.za.2mdn.net 
  • 0 in reply to lightxx
    Ok sure not a problem.

    Many tracking websites use the numbering tricks to stay in the game.  Let's assume that an ad/tracking site is "NSAADS.com"  they know that they will get black listed so they create: 1.NSAADS.com and NSAADS.1.com (yeah I know that 1.com is another site but stay with me).
    Now do you see the common theme here?  That is being NSAADS.
    So why do I want to waste the valuable lookup resources by adding all the variants if I can just define a rule that blocks everything that has NSAADS in it.  
    Sometimes I want to block *.NSAADS.com and sometimes I want to block NSAADS.*.com and sometimes *.NSAADS.*.com.
  • 0
    I don't think that what you are trying to achieve can be reasonably done using regular expressions. If you say they pro/retroactively make up new domains to prevent you from blocking their sites, you'd end up permanently changing and testing your RegExps. Domains are cheap, if I was the NSAADS guy i'd simply buy NSSAADS and NSADS and whatever comes to my mind as well.

    Anyways, for your example try:

    https://www.regex101.com/r/lL6jT1/1
  • 0
    Grammatonclerick, please show a line from the Web Filtering log where one of those URLs was allowed to pass.  Also, confirm that you're blocking the web ads category.

    Cheers - Bob
  • 0 in reply to BAlfson
    Thank you all.
    I am currently testing these rules in blocking:
    Just felt like sharing.



    ^https?://([A-Za-z0-9.-]*\.)?counter\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?2o7.net
    ^https?://([A-Za-z0-9.-]*\.)?omtrdc.net
    ^https?://([A-Za-z0-9.-]*\.)?metrics\.[A-Za-z0-9.]*
    ^https?://adserv\.[A-Za-z0-9.]*
    ^https?://adserver\.[A-Za-z0-9.]*
    ^https?://ads\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?ads\.[A-Za-z0-9.]*
    ^https?://adv\.[A-Za-z0-9.]*
    ^https?://advertising\.[A-Za-z0-9.]*
    ^https?://advert\.[A-Za-z0-9.]*
    ^https?://adverts\.[A-Za-z0-9.]*
    ^https?://affiliate\.[A-Za-z0-9.]*
    ^https?://affiliates\.[A-Za-z0-9.]*
    ^https?://banner\.[A-Za-z0-9.]*
    ^https?://banners\.[A-Za-z0-9.]*
    ^https?://affiliate\.[A-Za-z0-9.]*
    ^https?://gcirm\.[A-Za-z0-9.]*
    ^https?://reklam\.[A-Za-z0-9.]*
    ^https?://oascentral\.[A-Za-z0-9.]*

    ^https?://([A-Za-z0-9.-]*\.)?insightexpressai\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?esomniture\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?sitemeter\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?opentracker\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?stats\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?tracking\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?spylog\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?realtracker\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?***tracker\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?webwise\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?toolbar\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?doubleclick\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?2mdn\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?intellitxt\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?imrworldwide\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?cjt1\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?adbrite\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?websponsors\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?focalink\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?thruport\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?admanager\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?adnet\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?hyperbanner\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?casalemedia\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?zedo\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?advertising\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?adserver\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?bbelements\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?adtech\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?247realmedia\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?am15\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?glam\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?hitbox\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?extreme-dm\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?fastclick\.[A-Za-z0-9.]*
    ^https?://([A-Za-z0-9.-]*\.)?phorm\.[A-Za-z0-9.]*