Netgate Discussion Forum

Testing some good Regex expressions for use with Squid Proxy and custom spliced URL lists.

  • J
    JonathanLee
    last edited by JonathanLee Feb 6, 2023, 1:08 AM Feb 6, 2023, 1:07 AM

    Hello fellow Netgate Community,

    I put together some small regular expressions you can use if you want; they are working great for me.

    This is for use with Roblox and its use with multiple t and c and apis servers for rbxcdn.com and the need to splice them. I got tired of entering multiple URLs for URLs that change one digit or have a t or a c in them.

    Screenshot 2023-02-05 at 5.04.02 PM.png
    I have a custom URL spliced file,

    acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/url.nobump"

    Screenshot 2023-02-05 at 4.49.41 PM.png
    (use with custom file)

    Roblox:
    ^(apis|((t|c)[0-9]))\.rbxcdn\.com$

    Disney Plus and the multiple bamgrid.com usage:

    ^(disney\.(content|connections))\.edge\.bamgrid\.com$

    Android smartphone push notifications use while on wifi:

    ^((alt)([0-9])(-))?mtalk\.google\.com$

    ^(((clients)[0-9])|accounts)\.google\.(com|us)$

    ^(crl|ocsp)\.pki\.google\.com$

    Use of these regular expressions clears up a lot of entries where you need to splice and not intercept.

    Make sure to upvote

    J 1 Reply Last reply Feb 6, 2023, 1:11 AM Reply Quote 1
    • J
      JonathanLee @JonathanLee
      last edited by Feb 6, 2023, 1:11 AM

      @jonathanlee
      Screenshot 2023-02-05 at 5.10.24 PM.png

      if you want, test out your own.

      Make sure to upvote

      M 1 Reply Last reply Feb 6, 2023, 1:39 AM Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @JonathanLee
        last edited by Feb 6, 2023, 1:39 AM

        @jonathanlee good job!

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        J 1 Reply Last reply Feb 6, 2023, 4:38 AM Reply Quote 1
        • J
          JonathanLee @michmoor
          last edited by JonathanLee Feb 7, 2023, 8:54 PM Feb 6, 2023, 4:38 AM

          @michmoor thanks, let me know if you have any others 😊.

          Here is another one that includes more for mtalk.
          ^((alt[0-9]-mtalk\.)|(mtalk\.)|(mtalk-(staging|dev)\.))google\.com$
          Works for alt0-9, mtalk, mtalk-staging and mtalk-dev.

          With reflection on Big O notation, or the speed it takes to process the URL, this could be better or worse with respect to just separating the other beginning terms outside of the alt[0-9] terms within this regular expression. Again, that website also provides a time and steps-to-process counter to help with that. Does it reflect the speed within pfSense? That is something I do not know, as some firewalls come with multi cores alongside multiple CPUs.

          Make sure to upvote

          J 1 Reply Last reply Feb 11, 2023, 2:35 AM Reply Quote 0
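A check of why the dots and the end anchor matter in a splice list like the ones in the first post and in the mtalk follow-up, as an added example that is not part of the original posts: it runs three of the thread's patterns with bare dots and no trailing `$` beside escaped, anchored forms. Python's `re` stands in for Squid's regex engine (an assumption; the constructs used here behave the same in both), and every hostname is constructed.

```python
import re

# name -> (loose form: bare dots, no "$"; strict form: escaped dots, "$").
PAIRS = {
    "roblox": (r"^(apis|((t|c)[0-9])).rbxcdn.com",
               r"^(apis|((t|c)[0-9]))\.rbxcdn\.com$"),
    "disney": (r"^(disney.(content|connections)).edge.bamgrid.com",
               r"^(disney\.(content|connections))\.edge\.bamgrid\.com$"),
    "mtalk": (r"^((alt[0-9]-mtalk.)|(mtalk.)|(mtalk-(staging|dev).))google.com",
              r"^((alt[0-9]-mtalk\.)|(mtalk\.)|(mtalk-(staging|dev)\.))google\.com$"),
}

# Constructed hostnames the entry is meant to splice.
INTENDED = {
    "roblox": ["apis.rbxcdn.com", "t3.rbxcdn.com", "c0.rbxcdn.com"],
    "disney": ["disney.content.edge.bamgrid.com",
               "disney.connections.edge.bamgrid.com"],
    "mtalk": ["mtalk.google.com", "alt4-mtalk.google.com",
              "mtalk-staging.google.com", "mtalk-dev.google.com"],
}

# Constructed names outside the intended set: an extra suffix, or another
# character where the pattern has a bare ".".
LOOKALIKE = {
    "roblox": ["t3.rbxcdn.com.example.net", "t3xrbxcdn.com"],
    "disney": ["disney.content.edge.bamgrid.com.example.org",
               "disney-content.edge.bamgrid.com"],
    "mtalk": ["mtalk.google.com.example.net", "mtalk-google.com"],
}

def matches(pattern, host):
    # Assumption: like Squid's regex ACLs, an unanchored search; "-i" on the
    # acl line corresponds to IGNORECASE.
    return re.search(pattern, host, re.IGNORECASE) is not None

def audit(name):
    loose, strict = PAIRS[name]
    return {
        "intended_missed_by_strict":
            [h for h in INTENDED[name] if not matches(strict, h)],
        "lookalikes_matched_by_loose":
            [h for h in LOOKALIKE[name] if matches(loose, h)],
        "lookalikes_matched_by_strict":
            [h for h in LOOKALIKE[name] if matches(strict, h)],
    }

if __name__ == "__main__":
    for name in PAIRS:
        print(name, audit(name))
```

Any name a splice entry matches is passed through without inspection, so an entry that matches more than intended widens the uninspected set.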
          • J
            JonathanLee @JonathanLee
            last edited by Feb 11, 2023, 2:35 AM

            @jonathanlee

            Screenshot 2023-02-10 at 6.32.55 PM.png

            I adapted this for testing and set it to stare all because of this statement on their website, "The following configuration obtains SNI by parsing TLS Client Hello (due to a matching peek rule at step1) and then either splices bank connections OR stares at the TLS Server Hello (due to a matching stare rule) and bumps non-bank connections (due to the default bump-after-stare rule)."

            It has a default bump-after-stare rule, so bump step 3 is not needed, I am thinking. This also seemed to speed up everything.

            Ref:
            https://wiki.squid-cache.org/Features/SslPeekAndSplice

            Make sure to upvote

            1 Reply Last reply Reply Quote 0
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.