I am trying to build what I thought would be a very simple layer 7 filter. Turns out, it’s not so simple (or I’m just too slow). I am trying to build a filter that will match on any attempt to open a website by IP. For example, I am wanting to match http://10.10.10.10. I have tried matching based on the HTTP header as well as the URL. I know I’m missing something simple. For example, this works as expected:
http.*butchevans
So does this:
host.*butchevans.com
This does not:
Host.*[0-9]*\\.[(0-9]*\\.[0-9]*\\.[0-9]*
I realize that even if the above regex DID work it would match way more than just an IP, but this is the simplest form of a regex with a very broad scope. Anyone have any ideas?
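A way to test the posted pattern offline, added here as an example that is not part of the original post. It uses Python's `re` as a stand-in, which is an assumption and not necessarily how the filter's own regex engine behaves. The sample requests are constructed, and `host_ip`, `posted_matches` and the `example.test` name are hypothetical.

```python
import re

# Constructed sample requests (not captured traffic).
BY_IP = b"GET / HTTP/1.1\r\nHost: 10.10.10.10\r\nAccept: */*\r\n\r\n"
BY_IP_PORT = b"GET / HTTP/1.1\r\nhost: 10.10.10.10:8080\r\n\r\n"
BY_NAME = b"GET /v1.2.3.4/x HTTP/1.1\r\nHost: www.butchevans.com\r\n\r\n"
LOOKALIKE = b"GET / HTTP/1.1\r\nHost: 10.10.10.10.example.test\r\n\r\n"

# The posted pattern, read exactly as typed: "\\." is a literal backslash
# followed by any character (assumption: no unescaping happens before the engine).
POSTED = rb"Host.*[0-9]*\\.[(0-9]*\\.[0-9]*\\.[0-9]*"
# The same pattern with single backslashes, so "\." is a literal dot.
SINGLE = rb"Host.*[0-9]*\.[(0-9]*\.[0-9]*\.[0-9]*"

# Tighter form: the whole Host header value must be a dotted quad with an
# optional port. Header names are case-insensitive, hence IGNORECASE.
OCTET = rb"(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
HOST_IS_IPV4 = re.compile(
    rb"^host:[ \t]*(" + OCTET + rb"(?:\." + OCTET + rb"){3})"
    rb"(?::[0-9]{1,5})?[ \t]*\r?$",
    re.IGNORECASE | re.MULTILINE,
)

def host_ip(request: bytes):
    """Return the IPv4 literal in the Host header, or None if it is a name."""
    m = HOST_IS_IPV4.search(request)
    return m.group(1).decode() if m else None

def posted_matches(pattern: bytes, request: bytes) -> bool:
    """True if the given pattern matches anywhere in the request."""
    return re.search(pattern, request) is not None

if __name__ == "__main__":
    samples = {"by ip": BY_IP, "by ip+port": BY_IP_PORT,
               "by name": BY_NAME, "lookalike name": LOOKALIKE}
    for label, req in samples.items():
        print(label, "| posted:", posted_matches(POSTED, req),
              "| single backslash:", posted_matches(SINGLE, req),
              "| host_ip:", host_ip(req))
```
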