Fortinet 673 FortiWeb 5.0 Patch 6 Administration Guide
Appendix D: Regular expressions Most FortiWeb features support regular expressions. Regular expressions are a powerful way of
denoting all possible forms of a string. They are very useful when trying to match text that
comes in many variations but follows a definite pattern, such as dynamic URLs or web page
content.
Regular expressions can involve very computationally intensive evaluations. For best
performance, you should only use regular expressions where necessary, and build them
with care. For information on optimization, see “Regular expression performance tips” on
page 615.
See also
•Regular expression syntax
•What are back-references?
•Cookbook regular expressions
•Language support
Regular expression syntax
Accurate regular expression syntax is vital for detecting different forms of the same attack,
for rewriting all but only the intended URLs, and for allowing normal traffic to pass (see
“Reducing false positives” on page 624). When configuring Expression or similar settings,
always use the >> (test) button to:
• Validate your expression’s syntax.
• Look for unintended matches.
• Verify intended matches.
Will your expression match? Will it match more than once? Where will it match? Generally,
unless the feature is specifically designed to look for all instances, FortiWeb will evaluate only a
specific location for a match, and it will start from that location’s beginning. (In English, this is
the left most, topmost point in the string.) FortiWeb will take only the first match, unless you
have defined a number of repetitions.
FortiWeb follows most Perl-compatible regular expression (PCRE) syntax. Table 61 on
page 674 shows syntax and popular grammar examples. You can find additional examples with
each feature, such as “Example: Sanitizing poisoned HTML” on page 380.
Inverse string matching is not currently supported.
For example, to match all strings that do not contain hamsters, you cannot use:
!(hamsters)
You can, however, use inverse matching for specific character classes, such as:
[^A]
to match any string that contains any characters that are not the letter A.