sgaubert
Level 7

MWG7 How to make a wildcard list from a string list ?

Hello,

I am trying to find a way to obtain a wildcard list from a string list in a rule event.

I need this in order to validate that the URL.Host property matches the Certificate.SSL.AlternativeCNs when this second property contains wildcard characters '*'. As the Certificate.SSL.AlternativeCNs property is a string list, I can't use it as a parameter of the 'matches in list' operator, as it requires a wildcard list.

So I need to find a way to transform Certificate.SSL.AlternativeCNs into a wildcard list property in order to be able to allow wildcard alternative CNs present in X.509 certificates.

Regards,

Stéphane

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: MWG7 How to make a wildcard list from a string list ?

Try this:

Rule Criteria:

String.Concat ("*.", String.ReplaceFirstMatch (URL.Host, regex(^.*?\.(.*?)$), "\1")) is in list Certificate.SSL.AlternativeCNs

Basically, it does the following:

Take URL.Host and clip off the first string up to the first period: www.google.com = google.com

Pastes a "*." in front of it: *.google.com

Checks it against the AlternativeCNs string list.

It's not checking for a regex match of the URL.Host to the CN list, but instead does a string match of "*.google.com" = "*.google.com"

Test it by going to https://www.youtube.com

You should be able to get there, whereas it would have blocked before.

0 Kudos
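
The transformation in the accepted answer, reproduced as an added Python example (not part of the original post and not MWG rule syntax), to show which hosts the string comparison accepts and rejects. The function names, the sample list, the exact-match fallback and the lower-casing are assumptions of this example, as is the no-match behaviour of String.ReplaceFirstMatch.

```python
import re

# Same pattern as the rule criteria: drop everything up to the first period.
FIRST_LABEL = re.compile(r"^.*?\.(.*?)$")


def wildcard_candidate(host):
    """Python equivalent of String.Concat("*.", String.ReplaceFirstMatch(...)).

    Assumption: like re.sub, ReplaceFirstMatch returns its input unchanged
    when the regex does not match (a host with no period).
    """
    return "*." + FIRST_LABEL.sub(r"\1", host.lower(), count=1)


def host_matches_sans(host, alternative_cns):
    """True when the host, or its wildcard candidate, is in the SAN list.

    The exact-match branch stands in for a separate "URL.Host is in list"
    criterion; the posted rule only covers the wildcard branch.
    Lower-casing is added here because DNS names are case-insensitive.
    """
    sans = {name.lower() for name in alternative_cns}
    return host.lower() in sans or wildcard_candidate(host) in sans


# Constructed sample list, not copied from a real certificate.
SAMPLE_SANS = ["*.youtube.com", "youtube.com"]

if __name__ == "__main__":
    checks = [
        ("www.youtube.com", SAMPLE_SANS),      # one label under the wildcard
        ("a.b.youtube.com", SAMPLE_SANS),      # two labels: "*" covers only one
        ("youtube.com", ["*.youtube.com"]),    # bare domain is not covered by "*."
        ("youtube.com", SAMPLE_SANS),          # covered by the exact entry
        ("localhost", ["*.localhost"]),        # no period: host is used unchanged
    ]
    for host, sans in checks:
        print(f"{host:18} {wildcard_candidate(host):18} "
              f"{host_matches_sans(host, sans)}")
```

Because only the first label is replaced, a wildcard entry never matches across more than one label, and entries with a partial wildcard such as "w*.example.com" are not matched by this comparison.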
sgaubert
Level 7

Re: MWG7 How to make a wildcard list from a string list ?

Hello,

I did not think to take the problem the other way round, and to make a wildcard string from the URL.Host instead of trying to match with a list of wildcard strings. It works as expected.

Thank you very much.

Stéphane

0 Kudos