pattern match https proxy: *.domain.com* wont allow a.b.domain.com

edited July 2019 in Firebox - Proxies

Hi all. I try to whitelist a list of urls using http and https proxy action configuration.
using content inspection, i use pattern match to allow for *.pajak.go.id*
but it wont let 103.28.106.131 through (when doing reverse lookup, found that 103.28.106.131 is svc.efaktur.pajak.go.id). even though it will allow for www.pajak.go.id (43.242.133.18)

what is a better pattern match setting to let anything pajak.go.id through other than *.pajak.go.id*? should i add another rule to allow *.*.pajak.go.id*? now quick fix is to particularly allow 103.28.106.131

denial message of not letting 103.28.106.131 through:
2019-07-09 12:50:40 Deny ThisIsLocalIPAddress 103.28.106.131 https/tcp 60007 443 1-Trusted 0-External ProxyDeny: HTTPS domain name match (Whitelisting HTTPS-00) HTTPS-Client.Standard.Whitelist1 proc_id="https-proxy" rc="595" msg_id="2CFF-0003" proxy_act="HTTPS-Client.Standard.Whitelist1" rule_name="Default" sni="" cn="" ipaddress="103.28.106.131" src_user="ThisIsLocalDomainUser" Traffic
2019-07-09 12:50:40 Deny ThisIsLocalIPAddress 103.28.106.131 https/tcp 60007 443 1-Trusted 0-External HTTPS Request (Whitelisting HTTPS-00) HTTPS-Client.Standard.Whitelist1 proc_id="https-proxy" rc="548" msg_id="2CFF-0000" proxy_act="HTTPS-Client.Standard.Whitelist1" tls_profile="TLS-Client-HTTPS.Standard" tls_version="TLS_V1" sni="" cn="" cert_issuer="" cert_subject="" action="deny" app_id="0" app_cat_id="0" sent_bytes="0" rcvd_bytes="154" src_user="ThisIsLocalDomainUser" Traffic

steve

Comments

  • i have changed pattern match to regex .*\.*pajak\.go\.id\/*.* and disable allowing ip 103.28.106.131 to passthrough. result is it does not work.

    i begin to think that the software hardcoded ip address 103.28.106.131 instead of using address svc.efaktur.pajak.go.id. is there a way to knowing from the error message above?

    steve

  • Why do you have a * at the end of your entry ?
    Try this:
    *.pajak.go.id

Sign In to comment.