1 Reply Latest reply on Aug 2, 2013 3:28 AM by asabban

    MWG 6.9 Blocking URL pattern

    brinkn

      Hello!

           I have a question regarding MWG6.9.x and blocking malicious sites with a specific URL pattern.  For the past few months we have been bombarded with malware coming from sites similar to the below list.  All of the URLs have the regex format of "main.php\?(info|label)(=\S{22}==)".  I would love to be able to block access to these URLs with the gateway, however my understanding is that I can only filter on the domain name up to the '?' parameters.

       

       

      http://domain.com/main.php?info=DaZIp3++bJAoOBSEwsDxiQ==

      http://domain1.nl/main.php?label=W67kDPWIx5EJsfs84iKttw==

      http://domain2.co.nz/joomla/main.php?info=A7JnC8ZuUfYHNcA81ZpAog==

      http://domain3.com/main.php?label=bDQ4THtidNfsgl3mnqVHTA==

      http://domain4.de/main.php?label=+LMgVo1Ti8yVOCq+EWgOnQ==

      http://domain5.com/main.php?label=FkPnJruDcU83e+7QAn482w==

      http://domain6.com/main.php?label=0UU7Di3TZ9ikuazg+KGpNA==

      http://domain7.com/main.php?info=LNGKl3coIhYNGlLv03E1tw== 

      http://domain8.com/main.php?info=+W8F446GdsRsLmWIbzKApg==

      http://domain9.com/main.php?label=MzWLdKRcXhxxWkn/KntcgQ==

      http://domain0.be/main.php?info=4cTNspAgwgVvGHtEXkE+rA==

       

       

      Anyone have any ideas on how to approach this?  I'm sure I could do this with MWG7, however that is not an option for a few months.
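
An added example, not part of the original post: a way to validate the pattern offline against proxy access logs and see which clients requested matching URLs before a gateway rule exists. The log layout (timestamp, client IP, URL), the function names and the sample lines are constructed assumptions; the regex narrows the post's `\S{22}` to the base64 alphabet and also handles percent-encoded query strings.

```python
import re
from urllib.parse import urlsplit, unquote

# Path must end in a file literally named main.php (not e.g. domain.php).
PATH_RE = re.compile(r"(^|/)main\.php$")
# 22 base64 characters followed by "==" is the encoding of exactly 16 bytes.
QUERY_RE = re.compile(r"(info|label)=[A-Za-z0-9+/]{22}==")


def matches_pattern(url):
    """True if url looks like .../main.php?(info|label)=<22 base64 chars>==."""
    parts = urlsplit(url.strip())
    if not PATH_RE.search(parts.path):
        return False
    # Logs may percent-encode '+', '/' and '='. Use unquote, not
    # unquote_plus, so a literal '+' in the token is not turned into a space.
    return QUERY_RE.fullmatch(unquote(parts.query)) is not None


def hunt(lines):
    """Map client IP -> list of hostnames it requested with a matching URL."""
    hits = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed or truncated log line
        client, url = fields[1], fields[2]
        if matches_pattern(url):
            hits.setdefault(client, []).append(urlsplit(url).hostname)
    return hits


# Constructed sample log lines (hypothetical format: timestamp client url).
SAMPLE_LOG = [
    "2013-08-01T10:00:01 10.0.0.5 http://a.example/main.php?info=AAAAAAAAAAAAAAAAAAAAAA==",
    "2013-08-01T10:00:02 10.0.0.5 http://b.example/joomla/main.php"
    "?label=ab%2B%2Fab%2B%2Fab%2B%2Fab%2B%2Fab%2B%2Fab%3D%3D",
    "2013-08-01T10:00:03 10.0.0.9 http://c.example/main.php?page=2",
    "2013-08-01T10:00:04 10.0.0.9 http://d.example/domain.php?info=AAAAAAAAAAAAAAAAAAAAAA==",
    "2013-08-01T10:00:05 10.0.0.7 http://e.example/main.php?info=short==",
]

if __name__ == "__main__":
    for client, hosts in hunt(SAMPLE_LOG).items():
        print(client, hosts)
```

Matching on the full query string rather than a substring keeps ordinary `main.php` pages with other parameters out of the results.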