Help with regex, exclude strings

blacksun · April 13, 2024, 4:29pm

Hello,

i need some help to define regex

I want to whitelist all EU-Amazon AWS:
.eu-.+.amazonaws.com$

But I want to exclude some strings:
j4fbanners
teststring2
teststring3

I tested this one, but exclusions do not work:

((?!^j4fbanners$)|(?!^teststring2$)|(?!^teststring3$)).*.eu-.+.amazonaws.com$

It should not matter where the string appears or if there are letters before or after the string.

Thanks a lot

Gunfighter66 · April 13, 2024, 4:58pm

It seems like your regex is almost there. Try using negative lookahead assertions for each exclusion, combined with the positive match for EU-Amazon AWS. Here's a revised version:

^(?!.*(?:j4fbanners|teststring2|teststring3)).*\.eu-.+\.amazonaws\.com$

This regex ensures that the string does not contain "j4fbanners", "teststring2", or "teststring3" before matching the EU-Amazon AWS domain.

blacksun · April 13, 2024, 10:05pm

Thanks for your help.
But it seems that this regex still doesnt fit.

Real Domains are
a)
s3-w.eu-central-1.amazonaws.com
b)
j4fbanners.s3.eu-west-2.amazonaws.com

a) is still not whitelisted, and b) is not blocked

any idea?

Thanks.

rdwebdesign · April 13, 2024, 10:18pm

Are you trying to do this with 2 different entries (one to "over" block and a second one to allow some domains), or do you want a single deny regex to only block the exceptions?

EDIT:

I'm not sure if you already have lists or regex rules blocking parts of the EU-Amazon AWS.

If you want to block some subdomains and allow others from EU-Amazon AWS, you will need to add one rule to block some subdomains and another one to allow the desired domains.

The regex posted above will match only the domains you want to allow.
regex101: build, test, and debug regex
^(?!.*(?:j4fbanners|teststring2|teststring3)).*\.eu-.+\.amazonaws\.com$
If you set this rule as whitelist you still need some rule to block the undesired ones.
This other regex will only match the domains you want to block:
regex101: build, test, and debug regex
^(?:.*(?:j4fbanners|teststring2|teststring3)).*\.eu-.+\.amazonaws\.com$
If you set this rule as blocklist, it will block domains containing those strings.

Gunfighter66 · April 13, 2024, 10:34pm

Apologies for the oversight. Let's refine the regex to ensure it covers both cases:

^(?!.*(?:j4fbanners|teststring2|teststring3))(?=.*\.eu-.+\.amazonaws\.com$).*$

This regex uses a negative lookahead to exclude the specified strings and a positive lookahead to ensure the string ends with ".eu-.amazonaws.com". This should correctly whitelist all EU-Amazon AWS domains while excluding the specified strings.

Try and let us know!?

blacksun · April 13, 2024, 10:36pm

I am using 2 entries:
a) block all amazon-aws:
(.|^)amazonaws.com$
b) whitelist according the mentioned rule: allow all EU-Amazon-AWS, but not if the domain contain one of the 3 mentioned strings

blacksun · April 13, 2024, 10:53pm

with this regex,
j4fbanners.s3.eu-west-2.amazonaws.com
is now blocked, but
s3-w.eu-central-1.amazonaws.com
is still not whitelisted