Knowledge Search


×
 

[SRX] Change in behavior of wildcards while creating URL patterns

  [KB32012] Show Article Properties


Summary:

Beginning with Junos OS 12.1X46 on high-end SRX devices and 12.1X47 on Branch SRX, an enhancement has been introduced to the working of wildcard character '*' and '?'.

Solution:

 Wild cards at the beginning of the URL

Previously the wild card '*' could match any string at the beginning of the URL when followed by a period '.' . For example, *.net could match juniper.net, dmz.juniper.net, xyz.net, abc.xyz.net. As this kind of wild card is too broad, a change in the behavior has been introduced.

1. The wildcard '*' can only represent a single word without any period '.'

 Example:

*.juniper.net can match www.juniper.net or abc.juniper.net
*.juniper.net cannot represent abc.def.juniper.net


2. A URL that is to be matched must have a minimum of 3 parts separated by period '.' . Patterns like *.com are not supported.

Example: 

URLs like abc.local, def.local, xyz.local cannot be matched using pattern *.local

3. Wild card sequences '*', '*.*', '*.*.*' are one and the same.

Example:

*.*.juniper.net cannot match web.support.juniper.net. You will need *.support.juniper.net for the same

Wildcards at the end of URL

Each wild card '?' can represent one character, and there should be at least one domain (word) before '?'.

Example:

"www.abc.???" can match "www.abc.com" and "www.abc.net"
"www.abc.co?" can match "www.abc.com"
"www.abc.?" can not match "www.abc.com"

Related Links: