This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Negative lookahead regular expression not working

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Negative lookahead regular expression not working

BenLassila
L3 Networker

‎03-11-2011 04:14 AM

Hi

Bit of an advanced regex feature, but I would like to set up a custom vulnerability signature to detect browsers (user-agent) that are not Internet Explorer. True, one could detect Firefox specifically, but there are so many different browsers in the wild that it is impossible to match them all.

The regex I'm attempting therefore is: User-Agent: (?!.*MSIE).*

The regular expression would match if any browser type (user-agent) is not MS Internet Explorer, which is what I need.

However, PANOS 4.0.0 doesn't seem to like this syntax and returns an error:-

Operation Failed:

-> signature > standard > Firefox -> and-condition -> And Condition 1 -> or-condition-> Or Condition 1 -> operator -> pattern-match -> pattern "User-Agent: (?!.*MSIE).* is invalid. syntax error at ?

Is there any other way to achieve the detection of non-MSIE browsers?

Thanks

Kind regards, Ben

0 Likes Likes
4 REPLIES 4

fredallee
L4 Transporter

‎03-15-2011 12:55 AM

Hi Ben,

As you've figured out, the answer to your question is no we don't support negative lookahead regex. I think it's doable, but it may not be supported in regex. Instead we could expose a negative flag that you can associate with a pattern in the signature. So you would first look for User-Agent, then MSIE with a negative flag, which would trigger if MSIE was not found after the User-Agent trigger. This will require some software and engine work. If this works for you, can you have your SE log a feature request and we will see where we can get it scheduled in.

Thanks,

Alfred

0 Likes Likes

alexis_janin
Not applicable
In response to fredallee

‎08-03-2011 04:46 AM

Hi,

As i have the same problem and that currently, the PAN OS 4.0.3 still doesn't support negative regexp, i would know if there is a fix coming or not?

Thanks for answers,

Alexis

0 Likes Likes

HMarch
L0 Member
In response to fredallee

‎05-29-2012 02:05 PM

I would be *very* interested in this feature as well: any news on implementation?

0 Likes Likes

BenLassila
L3 Networker
In response to HMarch

‎05-30-2012 12:58 AM

No, PA said implementation would have negative impact on performance. 

0 Likes Likes
  • 3575 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks