Squidguard Regular Expression

TTGest · Feb 14, 2022, 4:14 PM

Hi,
I've realized that from pfSense 2.5 to 2.6 if using Regular Expression in SquidGuard, only main part of URL is parsed.

EG: if Regular expression contains

.*\.(com)

all pages like ebay.COM, google.COM and so are blocked.

If Regular Expression is

winzip

www.winzip.com is blocked but www.test.com/winzip it's bypassed.

My main goal it's to block downloads by extension, but only it could be solved when all the URL will be parsed.

Michele Trotta · Feb 16, 2022, 9:31 AM

Hello,

try with
(. * \ /.* . (EXE | COM | BAT))

Block all downloads with FIle .EXE .COM and .BAT

Michele

TTGest · Feb 16, 2022, 9:38 AM

Thanks Michele, but it doesn't work. As I stated in first post, it seems to be a bug as only www.domain.com part is parsed, but not the rest of the URL.

EG. if URL is www.domain.com/downloads/app.exe , your Regex will not match, as "exe" is not a pattern in www.domain.com which is the only string which seems to be evaluated.

Maybe a Netgate programmer could take a look over this issue? Where to publish a bug?

Regards!

Michele Trotta · Feb 16, 2022, 9:49 AM

Hi ttgest,
this export ONLY blocks downloads.

If you need to block downloads then

create a new target categories called Block_EXE
in regula expression copy this (. * \ /.*. (EXE | COM | BAT))
Save
in your Groups ACL (for example G_TEST) deny the Block_EXE
save
After saving, go to General Settings and Apply!

Michele

JonathanLee · May 24, 2022, 2:29 PM

@ttgest you can also try a regular expression tester online. I found a good one. I was having issues with t.co I wanted it blocked however it would block microsoft.com I had to adjust and test with the regular expression tester. Some basic examples below.

!