WebSentinel Users Guide

Using GREP

Grep is an option in WebSentinel that allows you to use complex patterns to define an area on your site you wish to be protected using a realm. To enable grep pattern matching for a realm on your site, simply check the "Use GREP" item in the realm's detail window.
The following describes the tokens used to create a grep expression and will hopefully act a learning resource for those unfamiliar with grep.
Wildcard Characters
Use wildcard characters in an expression to match certain classes of characters:

Character Matches

. Any character

# Any number

^ Beginning of line

$ End of line

Sets and Ranges
Use brackets in an expression to match sets or ranges of characters:

Character Matches

[xyz] Any character of the set x, y, or z

[^xyz] Any character except x, y, or z

[a-z] Any character in the range a through z

Escape Sequences
Use escape sequences in an expression to match non-printing characters:

Character Matches

\t Tab

\r Carriage Return

\n Line Feed

\f Form Feed (Page Break)

\x The character x unless x is one of numbers 0-9

Repeating Values
Use repetition tokens in an expression to match a series of repeating characters. In this table, X may be a literal character, a wildcard, a pattern, or an escape sequence.

Character Matches

X* Zero or more X's

X+ One or more X's

X? Either zero or one X

Example Patterns

Here are some example patterns utilizing grep syntax to help you get started. These patterns can be used as components within larger, more complex patterns.
This pattern will match any request that has more than one URL argument. Useful or not, it offers a nice example of grep expressions can be used to block very specific areas of your site.

Pattern URL Match?

.*\?[^&]*&.* /guestbook.t?add No

/guestbook.t?add&delete=1 Yes

/example.t?a=1 No

/example.t?a=1&b=2&c=3 Yes

Another very useful feature offered by utilizing a grep expression is the ability to block CGI usage from certain directories on your site. If you have areas on your web server others are using to serve pages, preventing CGI usage is very important to ensure your site's stability.
You can modify the grep expression below to catch other suffixes, such as ".t", ".fcgi", etc.

Pattern URL Match?

/.*/.*\.a?cgi /Admin.acgi No

/users/billh/Admin.acgi Yes

/Mailer.cgi No

/users/testing/Mailer.cgi Yes

[Index] [Prev] [Next]

Character	Matches
`.`	`Any character`
`#`	`Any number`
`^`	`Beginning of line`
`$`	`End of line`

Character	Matches
`[xyz]`	`Any character of the set x, y, or z`
`[^xyz]`	`Any character except x, y, or z`
`[a-z]`	`Any character in the range a through z`

Character	Matches
`\t`	`Tab`
`\r`	`Carriage Return`
`\n`	`Line Feed`
`\f`	`Form Feed (Page Break)`
`\x`	`The character x unless x is one of numbers 0-9`

Character	Matches
`X*`	`Zero or more X's`
`X+`	`One or more X's`
`X?`	`Either zero or one X`

Pattern	URL	Match?
`.\?[^&]&.*`	`/guestbook.t?add`	`No`
	`/guestbook.t?add&delete=1`	`Yes`
	`/example.t?a=1`	`No`
	`/example.t?a=1&b=2&c=3`	`Yes`

Pattern	URL	Match?
`/./.\.a?cgi`	`/Admin.acgi`	`No`
	`/users/billh/Admin.acgi`	`Yes`
	`/Mailer.cgi`	`No`
	`/users/testing/Mailer.cgi`	`Yes`