Syntax for URL L7 Recipient Filter
Created: 10 Sep 2012 | 5 comments
Can someone please share the syntax for excluding URLs from the Network Monitor using the L7 Recipient Filter? I see plenty of examples for SMTP in there but it supposedly supports URLs as well. Would it be something like this?
-http://facebook.com/cgi-bin/*,-http://disqus.com
Thanks,
Joe
Joe,
I'm not an expert on syntax as there are many areas that have specifics. I do recall finding the syntax though in 1 of 2 places:
Symantec Corporation | Sr Systems Engineer | CISSP, CCSK, VCP
If a post solves your problem, please flag it as solved.
If you like an item, please give it a thumbs up vote.
Actually those filters are only described in the online help (at least I've never seen them in the admin guide despite much searching). My problem is the online help only gives SMTP examples but not for URLs.
Joe,
I believe the examples should follow the same suit for URLs. Just replace the domains from SMTP or the email address from SMTP examples. You should be able to use root domains, or fill it out to fuller subdomains as well. It won't necessarily work though if trying to use a full URL (including things like an actual page: domain/directory/page.html).
And to touch on your original question, I believe the syntax just needs to remove the HTTP piece of it. It should just rely on the domain essentially and using the +/- as well as wildcard as needed.
Symantec Corporation | Sr Systems Engineer | CISSP, CCSK, VCP
Joe,
This would do a certain users domain
-trustedpartner@partnercompany.com
-ceo@acme.com,-cfo@acme.com
Also do not forget wildcard statements
-*@acme.com, -*.acme.com
So for your example http://facebook.com/* may work, as anything behind that should fit in the *
Hi Joe,
Please refer,
Any email address mask that starts with a plus sign (+) keeps matching messages for inspection. If you add the sender filter +*@abc.com, all messages that are sent from anyone in the abc.com domain are inspected.
Any email address mask that starts with a minus sign (-) excludes matching messages from inspection. If you add the recipient filter -*@xyz.com, all messages that are sent to anyone in the xyz.com domain are not inspected.
If you add an asterisk (*) to the end of the filter expression, any message not explicitly matching any of the filter masks is ignored. For example, if you add the sender filter +*@abc.com,*, all messages from anyone in the abc.com domain are inspected, but all other messages are ignored.
You can also include asterisk wildcards elsewhere in the address strings. The specific filter syntax depends on the protocol. For example, for email addresses you can use wildcards anywhere in the filter string as follows:
+*@symantec.com inspects all email to/from symantec.com.
+*.symantec.com inspects all email to/from any subdomains of symantec.com.
-*symantec.com excludes all email to/from any email address ending in symantec.com.
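The +, - and * rules quoted in the reply above can be modelled in a few lines to review what a filter expression would exclude before it is entered in the monitor. This is an added example, not Symantec code and not from any poster; it assumes that the first matching mask wins, that matching is case-insensitive, and that unmatched traffic is inspected unless the expression ends in a bare `*`. All sample addresses are constructed.

```python
import re

def parse_filter(expr):
    """Return ([(action, compiled_mask)], ignore_rest) for a comma-separated filter."""
    tokens = [t.strip() for t in expr.split(",") if t.strip()]
    # A bare "*" at the end means: ignore anything no mask matched.
    ignore_rest = bool(tokens) and tokens[-1] == "*"
    if ignore_rest:
        tokens.pop()
    rules = []
    for tok in tokens:
        if tok[0] not in "+-" or len(tok) < 2:
            raise ValueError(f"mask must start with + or -: {tok!r}")
        # Only "*" is a wildcard; every other character is matched literally.
        pattern = ".*".join(re.escape(part) for part in tok[1:].split("*"))
        rules.append((tok[0], re.compile(pattern, re.IGNORECASE)))
    return rules, ignore_rest

def decide(expr, value):
    """Classify one address or host name as 'inspect', 'exclude' or 'ignore'."""
    rules, ignore_rest = parse_filter(expr)
    for action, mask in rules:          # assumption: first matching mask wins
        if mask.fullmatch(value):
            return "inspect" if action == "+" else "exclude"
    # assumption: unmatched traffic is inspected unless the filter ends in "*"
    return "ignore" if ignore_rest else "inspect"

def audit(expr, samples):
    """Map each sample to its decision so exclusions can be reviewed."""
    return {s: decide(expr, s) for s in samples}

if __name__ == "__main__":
    # Constructed sample values, not taken from any real traffic.
    print(audit("-*@acme.com, -*.acme.com",
                ["ceo@acme.com", "ops@mail.acme.com", "ceo@acme.com.example"]))
    print(audit("-*symantec.com", ["a@symantec.com", "a@notsymantec.com"]))
    print(audit("+*@abc.com,*", ["alice@abc.com", "bob@xyz.com"]))
```

Under this model `-*symantec.com` also excludes `a@notsymantec.com`, so an exclusion anchored with `@` or a leading `.` (as in `-*@acme.com, -*.acme.com`) leaves a smaller blind spot than a bare suffix mask.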