I'm trying to figure out how to block domains and domain suffixes which are using an internationalized domain name. The names begin with ascii xn-- and continue from there. An example site would be: xn--rksmrgs-5wao1o.josefsson.org.
I've tried wildcard/regex matching for "*xn--*" being in domain but that doesn't seem to work and ruletracing is showing the site hitting as: http://r%C3%A4ksm%C3%B6rg%C3%A5s.josefsson.org/ when web gateway sees it. I've also tried blocking "*%*" in the domain name but also no success. Any idea on how I should go about this?
Goal: Block sites using IDNs within domain or domain suffix.
My own solution which is working well so far:
url.Raw does NOT match regex(^(?:https?:\/\/)*+(?:(?!xn--).)+?(?:\/.*)?$)
*edit, removed |% from the negative lookahead group