17-87
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Metacharacters Used to Build Regular Expressions
The following table explains the metacharacters you can use to build regular expressions in the Add and
Edit Regular Expression dialog boxes (see Configuring Regular Expressions for Inspection Maps,
page 17-86).
Keep the following tips in mind when creating regular expressions:
If you enter any metacharacters in your text string that you want to be used literally, add the
backslash (\) escape character before them. For example, “example\.com”.
If you want to match upper and lower case characters, enter text in both upper- and lowercase. For
example, “cats” is entered as “[cC][aA][tT][sS]”.
Allow Value Override per
Device
Overrides
Edit button
Whether to allow the object definition to be changed at the device level.
For more information, see Allowing a Policy Object to Be Overridden,
page 6-18 and Understanding Policy Object Overrides for Individual
Devices, page 6-17.
If you allow device overrides, you can click the Edit button to create,
edit, and view the overrides. The Overrides field indicates the number
of devices that have overrides for this object.
Table17-52 Add and Edit Regular Expression Dialog Boxes (Continued)
Element Description
Table17-53 Metacharacters Used to Build Regular Expressions
Character Description Notes
. Dot Matches any single character. For example, d.g matches
dog, dag, dtg, and any word that contains those
characters, such as doggonnit.
(exp) Subexpression A subexpression segregates characters from surrounding
characters, so that you can use other metacharacters on
the subexpression. For example, d(o|a)g matches dog and
dag, but do|ag matches do and ag. A subexpression can
also be used with repeat quantifiers to differentiate the
characters meant for repetition. For example, ab(xy){3}z
matches abxyxyxyz.
| Alternation Matches either expression it separates. For example,
dog|cat matches dog or cat.
? Question mark A quantifier that indicates that there are 0 or 1 of the
previous expression. For example, lo?se matches lse or
lose.
* Asterisk A quantifier that indicates that there are 0, 1 or any
number of the previous expression. For example, lo*se
matches lse, lose, loose, etc.
+ Plus A quantifier that indicates that there is at least 1 of the
previous expression. For example, lo+se matches lose
and loose, but not lse.
{x} Repeat Quantifier Repeat exactly x times. For example, ab(xy){3}z matches
abxyxyxyz.