I'm pretty sure this is really a regex question, so you can skip to REGEX QUESTION if you want to skip the background.
Our primary firewall is a Watchguard X750e running Fireware XTM v11.2. We're using webblocker to block most of the categories, and I'm allowing needed sites as they arise. Some sites are simple to add as exceptions, like Pandora radio. That one is just a pattern matched exception with "padnora.com/" as the pattern. All traffic from anywhere on pandora.com is allowed.
I'm running into trouble on more sophisticated domains that reference content off of their base domains. We'll take GrooveShark as a sample. If you go to http://grooveshark.com/ and view page source, you'll see hrefs referring to gs-cdn.net as well as grooveshar.com. So adding a WebBlocker exception to grooveshark.com/ is not effective, and I have to add a second rule allowing gs-cdn.net/ as well.
I see that the WebBlocker allows regex rules, so what I'd like to do in situations like this is create a single regex rule that allows traffic to all the needed domains.
REGEX QUESTION: I'd like to try a regex that matches grooveshark.com/ and gs-cdn.net/. If anybody can help me write that regex, I'd appreciate it.
Here is what is in the WatchGuard documentation from that section: Regular expression
Regular expression matches use a Perl-compatible regular expression to make a match. For example, .[onc][eor][gtm] matches .org, .net, .com, or any other three-letter combination of one letter from each bracket, in order. Be sure to drop the leading “http://” Supports wild cards used in shell script. For example, the expression “(www)?.watchguard.[com|org|net]” will match URL paths including www.watchguard.com, www.watchguard.net, and www.watchguard.org.
Thanks all!
I do this exact same thing on my Watchguard.
Here is the regex I use, edited to fit the domains you're working with.
I'm not sure if you intended to leave the k off grooveshark at one point in your question or if it was just a typo. If they were to use grooveshar.com sometimes then you would need this:
The ? after the k just makes it not necessary.
I highly recommend The Regex Coach to help you build regex.
I also highly recommend http://www.regular-expressions.info/ as a reference.
Don't. There's nothing wrong with adding multiple "allow" rules to your web filter, and your successor will thank you for the readability. A couple of domain allow rules will suffice.