Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

Custom App for CRL downloads

L1 Bithead


I am trying to create a custom app that will match CRL downloads, to allow them without any questions ask. Shouldn't be too hard : on a previous web security gateway, I would match a pattern like the following: "http://([^/:])*crl.*\.crl"

When translated to an app signature, I already know I am looking for two patterns, on the following contexts:

  • http-req-host-header
  • http-req-uri-path

Now, my issue is that my pattern are incredibly simple. I am not able to reach the 7 bytes limit with this. One other way would be to match the MIME type in the RSP header I guess... application/pkix-crl or application/x-pkcs7-crl are fine. The issue is with the occasional misconfigured root CAs that still reports text/plain.

So....  Is there anything I can do with this to simply allow CRLs without creating a huge custom category?

Thank you.

Who Me Too'd this topic