Just upgraded to 3.1.0 from 3.0.6.
I had the following URL filtering profile that I used on an inbound rule with SSL decryption so that people could only connect to valid Exchange/Outlook Web Access URLs:
When I upgraded that rule stopped working, which I found is because the wildcard syntax has changed in 3.1.
The issue is that it seems the PAN truncates the entire URL that is fed to the Exchange server so I can't filter on the full length virtual directory name which is /Microsoft-Server-Activesync, if I add that to my URL policy I see blocks in the URL logs for:
In the change in 3.1.x wildcards need to be preceeded or followed by the following separators:
Every substring that is separated by the characters listed above is considered a token. A token can be any number of ASCII characters that does not contain any separator character or *. For example, the following patterns are valid:
*.yahoo.com (tokens are *, yahoo, and com)
www.*.com (tokens are www, *, and com)
www.yahoo.com/search=* (tokens are www, yahoo, com, search, * )
*webmail.ourdomain.co.uk/Microsoft-Server** is invalid because "*" is not the only character in the token ie "*webail" and "Server**". Without valid separators you filter won't work.
Thanks for the reply.
I had read that, the problem is that the PAN won't recognize the true URL it seems to truncate it.
The actual virtual Exchange directory would be "webmail.ourdomain.com/Microsoft-Server-Activesync" but if I enter that I see blocks because as per the log entry that I posted, the PAN seems to truncate the entire URL.
I could simply list webmail.ourdomain.com but the whole idea here is that I want to only allow access to the legitimate Outlook/Exchange Virtual Directories in IIS.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!