13-11
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 13 Configuring Objects
Configuring Regular Expressions
Guidelines
Use Ctrl+V to escape all of the special characters in the CLI, such as question mark (?) or a tab. For
example, type d[Ctrl+V]?g to enter d?g in the configuration.
See the regex command in the Cisco ASA 5500 Series Command Reference for performance impact
information when matching a regular expression to packets.
Note As an optimization, the adaptive security appliance searches on the deobfuscated URL. Deobfuscation
compresses multiple forward slashes (/) into a single slash. For strings that commonly use double
slashes, like “http://”, be sure to search for “http:/” instead.
Table 13-1 lists the metacharacters that have special meanings.
Table 13-1 regex Metacharacters
Character Description Notes
. Dot Matches any single character. For example, d.g matches
dog, dag, dtg, and any word that contains those
characters, such as doggonnit.
(exp) Subexpression A subexpression segregates characters from surrounding
characters, so that you can use other metacharacters on
the subexpression. For example, d(o|a)g matches dog
and dag, but do|ag matches do and ag. A subexpression
can also be used with repeat quantifiers to differentiate
the characters meant for repetition. For example,
ab(xy){3}z matches abxyxyxyz.
| Alternation Matches either expression it separates. For example,
dog|cat matches dog or cat.
? Question mark A quantifier that indicates that there are 0 or 1 of the
previous expression. For example, lo?se matches lse or
lose.
Note You must enter Ctrl+V and then the question
mark or else the help function is invoked.
* Asterisk A quantifier that indicates that there are 0, 1 or any
number of the previous expression. For example, lo*se
matches lse, lose, loose, and so on.
+ Plus A quantifier that indicates that there is at least 1 of the
previous expression. For example, lo+se matches lose
and loose, but not lse.
{x} or {x,} Minimum repeat quantifier Repeat at least x times. For example, ab(xy){2,}z
matches abxyxyz, abxyxyxyz, and so on.
[abc] Character class Matches any character in the brackets. For example,
[abc] matches a, b, or c.
[^abc] Negated character class Matches a single character that is not contained within
the brackets. For example, [^abc] matches any character
other than a, b, or c. [^A-Z] matches any single
character that is not an uppercase letter.
To Next Page
Loading...
