Custom Application or Site - General

What can I do here?

Use this window to configure or edit the properties of a custom application/ site used in Application and URL FilteringClosed Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF. or Threat Prevention.

Getting Here - Object Explorer > New > Custom Application/Site > Application/Site > General page

 

Creating Custom Applications and Sites

What background information do I need to know?

In the Application and URL Filtering Database, each application is assigned to one primary category based on its most defining aspect. See the category in the description of each application and in the logs.

In the Application and URL Filtering Database, each application can have additional categories, which are characteristics of the application. For example, some of the additional categories of Gmail include: Supports File Transfer, Sends mail, and Instant Chat. If an additional category is in a ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session., the rule matches all applications that are marked with it.

Note - In the AppWiki, additional categories are called tags.

When you use the AppWiki or add applications to the Rule BaseClosed All rules configured in a given Security Policy. Synonym: Rulebase., you can filter by additional category or risk level to see all applications with that characteristic. This is a good way to get ideas of types of applications that you might want to block or allow.

If new applications are added to an additional category that is in an Application ControlClosed Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI. or URL Filtering rule, the rule is updated automatically when the database is updated.

Custom Application Options

Tell me about the fields...

Using Regular Expressions in Custom Sites

Select URLs are defined as Regular Expression only if the application or site URL is entered as a regular expression using the correct syntax.

The meaning of the asterisk ( * ) depends on its use.

  • In regular expressions, the asterisk is a metacharacter for zero or more instances of the preceding character.

  • Without regular expressions, the asterisk is a wildcard, for zero or more instances of any character.

For example, to block a domain that ends with "example.com" (such as www.example.com):

Regular Expression

.*\.example\.com

 

Wildcard

*.example.com

Important! If you use this string as a regular expression, policy install fails. The gateway cannot resolve the regular expression to a URL, because there is no preceding character to find.

More examples of regular expressions:

To match subdomains of mydomain.com: (^|.*\.)mydomain\.com

To match domain and subdomains of mydomain.com: (^|.*\.)*mydomain\.com

Regular Expression Syntax

This table shows the Check Point implementation of standard regular expression metacharacters.

Metacharacter

Name

Description

\

Backslash

escape metacharacters

non-printable characters

character types

[ ]

Square Brackets

character class definition

( )

Parenthesis

sub-pattern, to use metacharacters on the enclosed string

{min[,max]}

Curly Brackets

min/max quantifier

{n} - exactly n occurrences

{n,m} - from n to m occurrences

{n,} - at least n occurrences

.

Dot

match any character

?

Question Mark

zero or one occurrences (equals {0,1})

*

Asterisk

zero or more occurrences of preceding character

+

Plus Sign

one or more occurrences (equals {1,})

|

Vertical Bar

alternative

^

Circumflex

anchor pattern to beginning of buffer (usually a word)

$

Dollar

anchor pattern to end of buffer (usually a word)

-

hyphen

range in character class

Using Non-Printable Characters

To use non-printable characters in patterns, escape the reserved character set.

Character

Description

\a

alarm; the BEL character (hex code 07)

\cX

"control-X", where X is any character

\e

escape (hex code 1B)

\f

formfeed (hex code 0C)

\n

newline (hex code 0A)

\r

carriage return (hex code 0D)

\t

tab (hex code 09)

\ddd

character with octal code ddd

\xhh

character with hex code hh

Using Character Types

To specify types of characters in patterns, escape the reserved character.

Character

Description

\d

any decimal digit [0-9]

\D

any character that is not a decimal digit

\s

any whitespace character

\S

any character that is not whitespace

\w

any word character (underscore or alphanumeric character)

\W

any non-word character (not underscore or alphanumeric)