Page 1 of 1
regexp question
Posted: Wed Apr 05, 2017 10:21 am
by Suby
Hello,
I am a new RB2011 router user and I learn it now. I would like to do a Layour7 protocol. This protocol is going but I have problem. If I filtered a long name of sites for example "11111.aaaaa.bbbbb.akamaitechnologias.com" or "11111.aaaaa.bbbbb.akamaitechnologias.net" and I give regexp -> "akamaitechnologies" my lyout7 function do not work well and not enable to load that sites.
Please help me what is the correct regexp rule. I tryed more for exapmles:
regexp = "^(.*)(akamaitechnologies)(.&)$"
or
regexp = "^(.*akamaitechnologies*)$"
or
regexp = "^(akamaitechnologies)"
or
regexp = "akamaitechnologies"
So I need advise and I get it with pleasure.
(Sorry for my English...)
Thanx.....
Suby
Re: regexp question
Posted: Wed Apr 05, 2017 11:54 am
by Plutone
This regexp
regexp="(^|.\\.)akamaitechnologies\\.."
filter every akamaitechnologies.*** and ***.akamaitechnologies.*** domain
Re: regexp question
Posted: Wed Apr 05, 2017 6:51 pm
by Suby
This regexp
regexp="(^|.\\.)akamaitechnologies\\.."
filter every akamaitechnologies.*** and ***.akamaitechnologies.*** domain
Hello,
First, thank you for your kindness to answer to my question.
Unfortunatelly the regexp formula does not work. I do not know why and after I put it in the regexp the browser openes everything. So I would like to ask that I have to write to the regexp exactly as you wrote -> "(^|.\\.)akamaitechnologies\\.."
Second please help me that how to write to the regexp the "akamaihd" key world (the domain is "akamaihd.net"?
Best regards,
Re: regexp question
Posted: Thu Apr 06, 2017 1:49 am
by Plutone
add the following lines and then open a new incognito tab and try to reach
http://www.akamai.com/ (it should fail and you will see packets increasing for that rule on /ip firewall filter print stats )
/ip firewall layer7-protocol
add name=l7_akamai regexp="(^|.\\.)akamai\\.."
/ip firewall filter
add action=drop chain=forward disabled=yes layer7-protocol=l7_akamai log=yes
In this case you're blocking every ***.akamai.* domain.
Eg:
www.akamai.net
test.mt.akamai.net
aabbcc.11111.snssns.akamai.org
Re: regexp question
Posted: Thu Apr 06, 2017 11:09 am
by Suby
add the following lines and then open a new incognito tab and try to reach
http://www.akamai.com/ (it should fail and you will see packets increasing for that rule on /ip firewall filter print stats )
/ip firewall layer7-protocol
add name=l7_akamai regexp="(^|.\\.)akamai\\.."
/ip firewall filter
add action=drop chain=forward disabled=yes layer7-protocol=l7_akamai log=yes
In this case you're blocking every ***.akamai.* domain.
Eg:
http://www.akamai.net
test.mt.akamai.net
aabbcc.11111.snssns.akamai.org
Dear Plutone,
I appreciate your effort and help to me. Thank you...
But when I read your latest advise I perhaps realize what is the problem. You wrote
"In this case you're blocking every ***.akamai.* domain. " but what I want that is opposite.
So I would like to block everyting except akamaihd and akamaitechnilogies domains.
Please write to me how can I give the rule in this case?
Best regards,
Suby
Re: regexp question
Posted: Fri Apr 14, 2017 9:32 pm
by Suby
Hello,
First, thank you for your help (Plutone...)
I am using your layer7 rules and it is going well. But I have a little problem. I can not resolve 94.21.255.209 ip address with nslookup in console. I do not understand why.
If you had some ideas please write them down to help me.
Best regards,
Suby