Overview
It is possible to set up an Application based on an SSL common_name or HTTP 'host' using a wildcard. An example of when this is useful is:
Netflix streaming traffic can come from a number of different servers, for example *.1.ord001.ix.nflxvideo.net, *.1.nyc001.ix.nflxvideo.net, etc. Rather than adding each of these common_names to an application object separately, just add nflxvideo.net with a wildcard to include any HTTPS traffic with nflxvideo.net in the URL.
Here is how:
- Navigate to Configuration > Objects > Network and locate the application you wish to modify
- Select an empty dropdown box in the L7 Signatures section and select ssl --->
- Select advanced from the second dropdown
- Enter the following in the text field beside the second dropdown: common_name =% "..." where ... is replaced by the URL to be included (see screenshot below for Netflix example)
Please note that an error will occur if proper quotation marks ('curly' quotation marks or 'formal' quotation marks) are used. The web UI enters them as straight quotation marks when typed ( " ), but other applications, such as the Microsoft Office suite and many publishing applications, automatically correct straight quotation marks to curly ones ( “ ” ). Though the difference appears to be slight, the representation in Unicode is significantly different:
- " is U+0022
- “ ” are U+201C and U+201D
To get the same behaviour for an HTTP 'host', use the same syntax and procedure, but select 'HTTP' and 'advanced' and enter 'host =% [host domain]' instead.
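The following is an added example, not part of the original article or the product: a small pre-paste check that flags curly quotation marks in a signature expression copied from a document and returns a version using U+0022. The function names, the extra code points U+201E and U+201F, and the assumption that the 'host' form is quoted the same way as common_name are illustrative assumptions.

```python
import re
import unicodedata

# U+201C and U+201D are the two named in the article; U+201E and U+201F
# are related typographic quotes included here as an assumption.
SMART_QUOTES = {"\u201c": '"', "\u201d": '"', "\u201e": '"', "\u201f": '"'}

# Form described in the article: <field> =% "<value>", where field is
# common_name (ssl) or host (HTTP). Quoting of the host form is assumed.
EXPR = re.compile(r'^(common_name|host)\s*=%\s*"([^"\s]+)"$')


def find_smart_quotes(expr):
    """Return (index, 'U+XXXX', Unicode name) for each typographic quote."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c))
            for i, c in enumerate(expr) if c in SMART_QUOTES]


def normalize(expr):
    """Replace typographic quotes with U+0022 and trim whitespace."""
    return "".join(SMART_QUOTES.get(c, c) for c in expr).strip()


def check(expr):
    """Return (ok, cleaned, problems) for a pasted signature expression.

    ok is True only when the text can be pasted unchanged.
    """
    problems = [f"{cp} {name} at index {i}"
                for i, cp, name in find_smart_quotes(expr)]
    cleaned = normalize(expr)
    if not EXPR.match(cleaned):
        problems.append('expected: common_name =% "..." or host =% "..."')
    return (not problems), cleaned, problems


if __name__ == "__main__":
    # Constructed sample inputs; the second and third use curly quotes.
    samples = [
        'common_name =% "nflxvideo.net"',
        "common_name =% \u201cnflxvideo.net\u201d",
        "host =% \u201cexample.com\u201d",
    ]
    for s in samples:
        ok, cleaned, problems = check(s)
        print("OK " if ok else "FIX", cleaned, problems)
```
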