DNS Redirector
 Return to FAQ List

FAQ 112: Use regular expressions in AllowedKeywordsFile

Category: BlockedIP function

DNS Redirector v7 allows for regular expressions (also referred to as regex or regexp) in any keyword list.

All keyword lists need to have at least one non-regex keyword present; that's at least 1 line not starting with ^

A helpful site for understanding regex is: www.regular-expressions.info


   A plain keyword such as...
   is too generic because it would allow all of these domains...
fakemalwarebytes.org *
malwarebytes.orgfakesite.com *
malwarebytes.org.otherfakesite.com *
   * = these last 3 are bad and not the legitimate site!


   A better regex keyword is...
   this allows clients to visit: http://malwarebytes.org
   but you would also need regex keyword...
   this allows clients to visit: http://www.malwarebytes.org
   and perform software updates from: http://mbam-cdn.malwarebytes.org
   These two regex statements can be combined with a single regex...
   and assuming you trust any sub-domain of "malwarebytes.org" which is probably safe, then this is OK,
   however it is possible an attacker could make a subdomain for negarious purposes,
   so explicitly defining all the known subdomains you need is most secure...

   To recap, the following are all valid...
   The following regex consolidates all three...
   The following is most secure...

Using a well constructed regex prevents false sites that contain the same domain from being accessible.

Since popular services and websites may use many domains or rely on 3rd party CDN domains, incorporating an allowed list can avoid disruption to services your company relies on.
Remember that your internal domain suffix should also be included in your allowed file.

 [ See a sample allowed file here: example-allowed.txt ]
...the contents can be pasted into your allowed.txt file.

Related articles
FAQ 159  Useful AllowedKeywordsFile or AlwaysKeywordsFile additions
FAQ 106  Use regular expressions in BlockedKeywordsFile

DNS Redirector | Legal Information | 2003-2017