I'm trying to figure out how to block domains and domain suffixes which are using an internationalized domain name. The names begin with ascii xn-- and continue from there. An example site would be: xn--rksmrgs-5wao1o.josefsson.org.
I've tried wildcard/regex matching for "*xn--*" being in domain but that doesn't seem to work and ruletracing is showing the site hitting as: http://r%C3%A4ksm%C3%B6rg%C3%A5s.josefsson.org/ when web gateway sees it. I've also tried blocking "*%*" in the domain name but also no success. Any idea on how I should go about this?
Goal: Block sites using IDNs within domain or domain suffix.
Thanks for this tidbit. Is it working well still? For the regex-impaired, can you specify what the regex is doing and more importantly what action you're taking in the policy if that does not match is true? Block? Warning page?
Also, sadly, the new support community framework has made a dog's breakfast of the regex I'm afraid. Repasting:
url.Raw does NOT match regex(^(?:https?:\/\/)*+(?:(?!xn--).)+?(?:\/.*)?$)
or adding a __DELETEME__ to keep from auto-frown emoji to occur
url.Raw does NOT match regex(^(?:https?:\/\/)*+(?:__DELETEME__(?!xn--).)+?(?:\/.*)?$)