views:

1215

answers:

2

On our Squid server, the admin has put on a new regex rule:

^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

I know that it stands for IP address, but it allows all URLs to go through, only pinging external address has stopped. Also tunneling software like UltraSurf have stopped connecting to the server. Skype also is not getting connected.

Please explain how this works! Thanks.

+1  A: 

I am not sure about your particular issue with the Squid server, but here is what the regex does:

[0-9]+ means "any digit one or more times", so it is matching a string that begins with a digit one or more times, followed by a dot, followed by a digit one or more times, followed by a dot, followed by a digit one or more times, followed by dot, followed by a digit one or more times.. then anything else. In essence, it is matching any IP address, so it wouldn't filter anything out. It will also match things that are not even valid IP addresses like 123456.123456.123456.123456 or 1.1.1.1 or 125.252.252.252asdf.

Paolo Bergantino
It does not match the end of the string, though. There could be arbitrary data after the ip wannabe
soulmerge
Oh, crap, I thought I saw the $
Paolo Bergantino
I know that its for IP since its a rule on Squid. But how does it work? Why doesnt it block URLs?
Pushkar
The regex matches ANYTHING that looks like an IP address. So I don't see why it would BLOCK anything when it MATCHES everything. I am not sure how the filters work in Squid but if its supposed to match IPs to ALLOW then this would let everything through.
Paolo Bergantino
A: 

Paolo has explained the meaning of the Regex well! As mentioned, the Regex currently being used is too weak (or should I say too restrictive!)

If you want a much better Regex to match IP addresses, see this page.

Cerebrus