For details on cookie usage on our site, read our Privacy Policy
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
Custom App for CRL downloads
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Custom App for CRL downloads
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
02-25-2013 01:14 PM
Hi,
I am trying to create a custom app that will match CRL downloads, to allow them without any questions ask. Shouldn't be too hard : on a previous web security gateway, I would match a pattern like the following: "http://([^/:])*crl.*\.crl"
When translated to an app signature, I already know I am looking for two patterns, on the following contexts:
- http-req-host-header
- http-req-uri-path
Now, my issue is that my pattern are incredibly simple. I am not able to reach the 7 bytes limit with this. One other way would be to match the MIME type in the RSP header I guess... application/pkix-crl or application/x-pkcs7-crl are fine. The issue is with the occasional misconfigured root CAs that still reports text/plain.
So.... Is there anything I can do with this to simply allow CRLs without creating a huge custom category?
Thank you.
- Labels:
-
App-ID
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
11-16-2021 03:15 AM
shouldn't be all "/" escaped?
.*((application/pkix-crl)|(application/x-pkcs7-crl)|(text/plain)|(application/octet-stream)).*
like this
.*((application\/pkix-crl)|(application\/x-pkcs7-crl)|(text\/plain)|(application\/octet-stream)).*
Just guessing because it was not working for me.
- How to query for Vulnerability Assessment Data in Cortex XDR Discussions
- EDL and Custom URL in Next-Generation Firewall Discussions
- URL Filtering Wildard - ? in URL in General Topics
- Can Palo use Akamai custom header (X-True-Source-IP) in Next-Generation Firewall Discussions
- CrowdStrike Falcon detection mirroring in Cortex XSOAR Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
