How to Create URI List Objects/Groups on SonicOSX 7?
11/22/2024
Description
A URI List Object defines a list of URIs (Uniform Resource Identifiers), domains or keywords. You can export a URI list to an external file or import a file into a URI list.
These lists are useful when you create security policies that allow or block specific websites, URIs or keywords.
Resolution
URI List Objects:
A URI List Object defines a list of URIs (Uniform Resource Identifiers) or domains that can be marked as allowed or forbidden. A URI List can also be exported to an external file or imported from one. When processing, URI lists have a higher priority than the category of a URI.
URI List Objects have the following requirements:
- Up to 128 URI List Objects are allowed.
- Each URI List Object supports up to 5000 URIs. The minimum number is 1.
- Up to 100 Keywords can be configured in each URI List Object. The minimum is zero.
URIs and the URI List:
Each URI List Object must have at least one URI in its URI List. Entries can be added manually to the URI List by typing or pasting them in, or they can be imported from a text (.txt) file containing a list of URIs. The file can be created manually or can be a file that was previously exported from the appliance. Each URI in the file is on its own line.
The URIs and URI List have the following requirements:
- Each URI can be up to 255 characters.
- The maximum combined length of all URIs in one URI List is 131,072 (1024*128) characters, including one character for each new line (carriage return) between the URIs.
- By definition, a URI is a string containing a host and path. Port and other content are currently not supported, but you can use Keywords to match these.
- The host portion of a URI can be an IPv4 or IPv6 address string.
- Each URI can contain up to 16 tokens. A token in a URI is a string composed of the following characters:
  0 through 9
  a through z
  A through Z
  $ - _ + ! ' ( ) , .
- Each token can be up to 64 characters, including one character for each separator (. or /) surrounding the token.
- An asterisk (star) can be used as a wildcard representing a sequence of one or more valid tokens, not one or more characters.
EXAMPLE: Valid URIs:
news.example.com
news.example.com/path
news.example.com/path/abc.txt
news.*.com/*.txt
10.10.10.10
10.10.10.10/path
[2001:2002::2003]/path
[2001:2002::2003:*:2004]/path/*.txt
Examples of invalid URIs:
Using the wildcard character (star) incorrectly results in invalid URIs such as:
example*.com
exa*ple.com
example.*.*.com
The wildcard character represents a sequence of one or more tokens, not one or more characters.
Keywords and the Keyword List:
A URI List Object uses its URI List to match URIs when scanning web traffic. It uses a token-based match algorithm, which means torrent.com does not match seedtorrent.com. The Keyword List makes URI matching more flexible, allowing the URI List Object to match traffic by matching other portions of a URI.
If a web traffic URI string (host+path+queryString) has any sub-string in the keyword list, the URI List Object gets a match. For example, if "sports" and "news" are in the keywords list, the URI List Object can match www.extremsports.com, news.google.com/news/headlines?ned=us&hl=en, or www.yahoo.com/?q=sports.
As with the URI List, entries can be added manually to the Keyword List by typing or pasting them in, or can be imported as a list of keywords from a text (.txt) file. The file can be created manually or can be a file that was previously exported from the appliance. Each keyword in the file is on its own line.
A Keyword List can be exported to a text file that can be imported later.
Keyword and Keyword List requirements:
- Each keyword can contain up to 255 printable ASCII characters.
- The maximum combined length of keywords in one Keyword List is limited to 1024 * 2, including one character for each new line (carriage return) between the keywords.
Matching URI List Objects:
The matching process for URI List Objects is based on tokens. A valid token sequence is composed of one or more tokens, joined by a specific character such as "." or "/". A URI represents a token sequence. For example, the URI www.example.com is a token sequence consisting of www, example, and com, joined by ".". Generally, if a URI contains one of the URIs in a URI List Object as a whole token sequence, then the URI List Object matches that URI.
Normal matching
If a list object contains a URI such as example.com, then that object matches URIs defined as:
[*(.|/)]example.com[(.|/)*]
For example, the URI List Object matches any of the following URIs:
example.com
www.example.com
example.com.uk
www.example.com.uk
example.com/path
The URI List Object does not match the URI specialexample.com, because specialexample is a different token than example.
Wildcard matching
Wildcard matching is supported. An asterisk (star) is used as the wildcard character and represents a valid sequence of tokens. If a list object contains a URI such as example.*.com, then that list object matches URIs defined as:
[*(.|/)]example.*.com[(.|/)*]
For example, the URI List Object example.*.com matches any of the following URIs:
example.exam1.com
example.exam1.exam2.com
www.example.exam1.com/path
The URI List Object does not match the URI:
example.com
This is because the wildcard character (star) represents a valid token sequence that isn't present in example.com.
IPv6 Address Matching
IPv6 address string matching is also supported. While an IPv4 address can be handled as a normal token sequence, an IPv6 address string needs to be handled specially. If a URI List Object contains a URI such as [2001:2002::2008], then that URI List Object matches URIs defined as:
[2001:2002::2008][/*]
For example, the URI List Object matches any of the following URIs:
[2001:2002::2008]
[2001:2002::2008]/path
[2001:2002::2008]/path/abc.txt
IPv6 Wildcard Matching
Wildcard matching in the IPv6 address string is supported. If a list object contains a URI such as [2001:2002:*:2008]/*/abc.mp3, then that list object matches URIs defined as:
[2001:2002:*:2008]/*/abc.mp3
For example, the URI List Object matches any of the following URIs:
[2001:2002:2003::2007:2008]/path/abc.txt
[2001:2002:2003:2004:2005:2006:2007:2008]/path/path2/abc.txt
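The token-based matching rules above (normal, wildcard and IPv6) and the entry requirements listed earlier, worked through in Python as an added example. This is not SonicWall code; it is a reference model that assumes case-insensitive comparison, ":" as the separator between the groups of a bracketed IPv6 host, and that a query string stays part of the last path token. Its purpose is to let an administrator check what a candidate allow/block entry will and will not match (for example, that torrent.com does not match seedtorrent.com, and that example.*.com does not match example.com) and whether an import file line satisfies the documented limits before committing it to a policy. The sample entries and traffic URIs in the main block are constructed from the article's own examples.

```python
import re
import string

# Separators between tokens: '.' and '/' per the article; ':' is assumed here for
# the groups of a bracketed IPv6 host (an assumption of this model, not the article's).
SEPARATORS = re.compile(r"([./:])")
# Characters a token may contain per the article ('.' omitted: it separates tokens).
TOKEN_CHARS = set(string.ascii_letters + string.digits + "$-_+!'(),")


def tokenize(uri):
    """Split a URI into an alternating list [token, sep, token, sep, ...].

    Comparison is case-insensitive (assumption). Example:
    '[2001:2002::2008]/a' -> ['[2001', ':', '2002', ':', '', ':', '2008]', '/', 'a']
    """
    return SEPARATORS.split(uri.strip().lower())


def validate_entry(entry):
    """Return the documented limits a URI List entry violates ([] if it is valid)."""
    problems = []
    if not entry or len(entry) > 255:
        problems.append("length must be 1..255 characters")
    tokens = tokenize(entry)[0::2]  # even positions hold tokens, odd hold separators
    if len(tokens) > 16:
        problems.append("more than 16 tokens")
    # inside a bracketed IPv6 host the '::' compression legitimately yields an empty token
    host_end = -1
    if entry.startswith("["):
        host_end = next((i for i, t in enumerate(tokens) if t.endswith("]")), -1)
    prev_wild = False
    for i, tok in enumerate(tokens):
        # 64 characters per token, counting one for each separator around it
        seps = (i > 0) + (i < len(tokens) - 1)
        if len(tok) + seps > 64:
            problems.append("token too long: %r" % tok)
        if tok == "*":
            if prev_wild:  # one wildcard already stands for one or more tokens
                problems.append("consecutive wildcards")
            prev_wild = True
            continue
        prev_wild = False
        if "*" in tok:  # example*.com, exa*ple.com
            problems.append("wildcard must be a whole token: %r" % tok)
        elif tok == "":
            if i > host_end:
                problems.append("empty token (doubled separator)")
        elif not set(tok.strip("[]")) <= TOKEN_CHARS:
            problems.append("illegal character in token: %r" % tok)
    return problems


def _match_prefix(pattern, parts):
    """True if pattern (alternating tokens/seps, '*' = one or more tokens) matches a prefix of parts."""
    if not pattern:
        return True
    if pattern[0] == "*":
        # a wildcard consumes an odd-length run: token, sep, token, ... ending on a token
        return any(_match_prefix(pattern[1:], parts[k:]) for k in range(1, len(parts) + 1, 2))
    return bool(parts) and pattern[0] == parts[0] and _match_prefix(pattern[1:], parts[1:])


def uri_matches(entry, uri):
    """Token-based match: the entry must appear in the URI as whole tokens.

    Candidate start positions are token positions (even indexes), i.e. the start of the
    URI or the position right after a '.', '/' or ':' separator; because the pattern ends
    on a token, a match can only end right before a separator or at the end of the URI.
    """
    pattern, parts = tokenize(entry), tokenize(uri)
    return any(_match_prefix(pattern, parts[i:]) for i in range(0, len(parts), 2))


def keyword_matches(keywords, uri):
    """Keyword List semantics: any keyword that is a substring of host+path+query matches."""
    haystack = uri.lower()
    return any(k.lower() in haystack for k in keywords)


def list_object_matches(uri_list, keywords, uri):
    """A URI List Object matches if any URI entry matches or any keyword is a substring."""
    return any(uri_matches(e, uri) for e in uri_list) or keyword_matches(keywords, uri)


if __name__ == "__main__":
    # Constructed sample list object and traffic URIs, mirroring the article's examples.
    uri_list = ["example.com", "example.*.com", "[2001:2002:*:2008]/*/abc.mp3"]
    keywords = ["sports", "news"]
    for uri in ["www.example.com.uk", "specialexample.com", "example.exam1.exam2.com",
                "[2001:2002:2003::2007:2008]/path/abc.mp3", "www.yahoo.com/?q=sports",
                "seedtorrent.com"]:
        verdict = "MATCH" if list_object_matches(uri_list, keywords, uri) else "no match"
        print("%-42s -> %s" % (uri, verdict))
    for entry in ["news.*.com/*.txt", "example*.com", "example.*.*.com"]:
        print("%-20s -> %s" % (entry, validate_entry(entry) or "valid"))
```

Running validate_entry over each line of a .txt file before importing it catches the wildcard-placement and length problems the article lists; running uri_matches against a sample of real traffic URIs shows exactly which of them a new entry would affect, which is the check to make before a blocking Security Policy goes live.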
URI Lists can be of one of these three types:
- Domain
  EXAMPLE: yahoo.com, youtube.com, mail.google.com
- URI
  EXAMPLE: news.example.com/path, news.example.com/path/abc.txt
- Keyword
  EXAMPLE: sports, news
These list types are segregated for faster lookup. It's best to have them as separate URI List objects that can be added to a group if they need to be allowed or blocked in a specific Security Policy.
To create a URI List object:
- Navigate to the Object | Match Objects | URI Lists | URI List Objects tab and click Add.
- Give it a relevant name and then select Domain, URI, or Keyword in the Type dropdown menu.
- Click Add to add all the necessary entries one by one.
- You can also choose to import these domains, URIs, or keywords from a text file using the Import button.
- Once all entries are added, click Save.
To create a URI List Group:
- Navigate to the Object | Match Objects | URI Lists | URI List Groups tab and click Add.
- Choose a relevant name for your group and add all your previously created lists to the right-hand column using the right arrow button. Click Save.