DNS Redirector
 Return to FAQ List


FAQ 112: Use regular expressions in AllowedKeywordsFile

Category: BlockedIP function


DNS Redirector v7 allows for regular expressions (also referred to as regex or regexp) in any keyword list.

All keyword lists need to have at least one non-regex keyword present; that's at least 1 line not starting with ^

A helpful site for understanding regex is: www.regular-expressions.info

Examples

   A plain keyword such as...
malwarebytes.org
   is too generic because it would allow all of these domains...
malwarebytes.org
www.malwarebytes.org
fakemalwarebytes.org *
malwarebytes.orgfakesite.com *
malwarebytes.org.otherfakesite.com *
   * = these last 3 are bad and not the legitimate site!

Recommendation

   A better regex keyword is...
^malwarebytes\.org$
   this allows clients to visit: http://malwarebytes.org
   but you would also need regex keyword...
^.*\.malwarebytes\.org$
   this allows clients to visit: http://www.malwarebytes.org
   and perform software updates from: http://mbam-cdn.malwarebytes.org
   These two regex statements can be combined with a single regex...
^(.*\.)?malwarebytes\.org$
   and assuming you trust any sub-domain of "malwarebytes.org" which is probably safe, then this is OK,
   however it is possible an attacker could make a subdomain for negarious purposes,
   so explicitly defining all the known subdomains you need is most secure...
^(www\.|mbam-cdn\.)?malwarebytes\.org$

   To recap, the following are all valid...
^example\.com$
^.*\.example\.com$
^hostname\.example\.com$
   The following regex consolidates all three...
^(.*\.)?example\.com$
   The following is most secure...
^(www\.|hostname\.)?example\.com$

Using a well constructed regex prevents false sites that contain the same domain from being accessible.

Since popular services and websites may use many domains or rely on 3rd party CDN domains, incorporating an allowed list can avoid disruption to services your company relies on.
Remember that your internal domain suffix should also be included in your allowed file.

 [ See a sample allowed file here: example-allowed.txt ]
...the contents can be pasted into your allowed.txt file.



Related articles
FAQ 159  Useful AllowedKeywordsFile or AlwaysKeywordsFile additions
FAQ 106  Use regular expressions in BlockedKeywordsFile

 
DNS Redirector | Legal Information | 2003-2017