I am trying to create a custom app that will match CRL downloads, to allow them without any questions ask. Shouldn't be too hard : on a previous web security gateway, I would match a pattern like the following: "http://([^/:])*crl.*\.crl"
When translated to an app signature, I already know I am looking for two patterns, on the following contexts:
Now, my issue is that my pattern are incredibly simple. I am not able to reach the 7 bytes limit with this. One other way would be to match the MIME type in the RSP header I guess... application/pkix-crl or application/x-pkcs7-crl are fine. The issue is with the occasional misconfigured root CAs that still reports text/plain.
So.... Is there anything I can do with this to simply allow CRLs without creating a huge custom category?