So what if you want to allow or block an entire domain with a single entry in a wildcard list?
There are a couple of use cases to consider. The first is when you want to match URL.Host only on www.domain.com and domain.com. We'll ignore the fact that www.domain.com and domain.com won't always resolve to the same server (usually they will, and in most cases administrators will want to allow (or block) domain.com if they are going to allow (or block) www.domain.com). The other use case is when you want to match domain.com, www.domain.com, foo.domain.com and foo.bar.domain.com. In short, the second use case is where you want to cover *.domain.com and domain.com with a single entry.
AFAIK the best (simplest) single entry wildcard list form for use case 1 is: regex((www\.)?domain\.com)
AFAIK the best (simplest) single entry wildcard list form for use case 2 is: regex((.+\.)*domain\.com)
Now a lot of people aren't comfortable with regex and like GLOB a lot better (because it's easier for the non-regex savvy people to read, and it's also easier to convert existing domain lists), or they might be looking for a solution that doesn't even use wildcard lists (match operations will be faster). Here is an example ruleset that has rules that use GLOB in wildcard lists, or regex in wildcard lists, or just straight string lists to accomplish the same thing.
Lastly there is a feature request in to create a property that enumerates all the domains and subdomains of a given host. The Set UDP.DomainList ruleset accomplishes this and puts the possible domains in a predictable order.
This User-Defined.DomainList (list of string) property can then be used to match against string lists with entries of the form domain.com, xxx, co.uk, bbc.co.uk, etc. For efficiency's sake though, I would highly recommend matching a single entry in the DomainList against a single string list and separate the lists you are matching against by TLD (top level domain), 1st level sub domain etc. In other words, you would use ListOfString.Get(User-Defined.DomainList,1) is in list Blocked 1st Level SubDomain List and all entries in the Blocked 1st Level SubDomain list would be of "one dot" form (co.uk, domain.com, example.com, mcafee.com) etc.

Message was edited by: jebeling on 10/20/11 11:15:31 AM CDT
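The two regex forms and the per-level string-list match from the post above, as an added Python example that is not part of the original post or the product's ruleset. It assumes the wildcard list applies the expression to the whole URL.Host value (full match) and that the domain list is ordered TLD first, as the post's index 1 "one dot" lookup implies; the function names and sample data are hypothetical.

```python
import re

# The two single-entry forms from the post. Assumption: the expression is
# applied to the whole URL.Host value (full match), not searched within it.
USE_CASE_1 = re.compile(r"(www\.)?domain\.com")
USE_CASE_2 = re.compile(r"(.+\.)*domain\.com")


def host_matches(pattern, host):
    """Full-match a host name, case-insensitively, ignoring a trailing dot."""
    return pattern.fullmatch(host.lower().rstrip(".")) is not None


def domain_list(host):
    """Enumerate the host's parent domains, TLD first.

    Index 0 is the TLD, index 1 the "one dot" form, and so on (assumed
    ordering, matching ListOfString.Get(User-Defined.DomainList,1)).
    """
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[-n:]) for n in range(1, len(labels) + 1)]


def blocked_by_string_lists(host, lists_by_level):
    """Compare entry i of the domain list only with the list for level i."""
    return any(
        entry in lists_by_level.get(level, set())
        for level, entry in enumerate(domain_list(host))
    )


# Constructed sample data, not taken from a real policy.
SAMPLE_HOSTS = ["domain.com", "www.domain.com", "foo.bar.domain.com",
                "notdomain.com", "domain.com.example.net"]
BLOCKED = {1: {"domain.com", "co.uk"}, 2: {"bbc.co.uk"}}

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h, host_matches(USE_CASE_1, h), host_matches(USE_CASE_2, h),
              blocked_by_string_lists(h, BLOCKED))
```

If the expression were searched rather than full-matched, the look-alike hosts notdomain.com and domain.com.example.net would also match, so check the matching semantics before relying on an unanchored entry.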
This ruleset is now obsolete. The new URL.HostBelongsToDomains(String List) property handles all of this for you.
URL.Domain is a string property which contains the top level domain of the requested URL. Whereas URL.HostBelongsToDomains is a boolean property which requires a list for its settings; it returns true if the URL's top level domain is in the list...
(this will be in an update coming to my URL property guide https://community.mcafee.com/docs/DOC-4514)
Thanks. Excuse my newbie ignorance please, but I still don't see the difference. Both of them seem to get me to the same result...
I see I still have *a lot* to learn. What has that to do with logging? Let's assume I write the default access.log - would I see different results in the log when using one vs. the other property?
As stated, URL.HostBelongsToDomains is a boolean property and URL.Domain is a string property.
If you wanted to log the "domain" of the URL like "mcafee.com", instead of mail.mcafee.com, www.mcafee.com, download.mcafee.com etc... URL.Domain would help accomplish this.
URL.HostBelongsToDomain would simply equal "true" or "false" instead of "mcafee.com".
I understand that, but I still don't get the logging part. If using URL.HostBelongsToDomain I would have true/false in my access log instead of mcafee.com?