| Back | Next | Contents | Cams Administrator's Guide |
Cams supports regular expressions for use with pattern matching on various values. For example, you can use regular expressions to define the <host> and <address> child elements of the <host acr> access control rule. Regular expressions can be quite complex, but their usage and scope within Cams should be somewhat simplified. This document introduces newbies to the basics of regular expressions and provides some examples for use with Cams.
Regular expressions (regex's) are sets of symbols and syntactic elements used
to match patterns of text.
The simplest form of a regular expression is a literal string, such as security
or programming. Regular expression matching
also allows you to test whether a string fits into a specific syntactic form,
such as an email address.
Some metacharacters match single characters. Other notations enable you to work with entire text strings.
| Pattern | Description |
|---|---|
| . | Matches any single character |
| [chars] | Matches any character (chars) between the brackets |
| [^chars] | Matches any character (chars) except those listed between the brackets |
| \char | Escape that particular char, for instance, to specify reserved chars such as ".[]()" |
| text1|text2 | Alternative: text1 or text2 |
| (text) | Grouping of text |
The regular expression syntax provides metacharacters which specify the number of times a particular character should match.
| Pattern | Description |
|---|---|
| ? | Matches any character zero or one times |
| * | Matches the preceding element zero or more times |
| + | Matches the preceding element one or more times |
| {num} | Matches the preceding element num times |
| {min, max} | Matches the preceding element at least min times, but not more than max times |
Often, you need to specify the position at which a particular pattern occurs. This is often referred to as anchoring the pattern.
| Pattern | Description |
|---|---|
| ^ | Matches at the start of the line |
| $ | Matches at the end of the line |
| \< | Matches at the beginning of a word |
| \> | Matches at the end of a word |
| \b | Matches at the beginning or the end of a word |
| \B | Matches any charater not at the beginning or end of a word |
See the Javadoc for java.util.regex.Pattern for a more complete listing of regular expression anchors available with Cams.
Cams uses regular expressions to match DNS hostnames and IP address. For example, suppose you want to match only hosts from the "gov" domain. You could use:
<allow-host> <host>^.*gov</host> </allow-host>
This expression matches any string starting at the beginning of the line that ends with "gov". Or, you want to deny access to any host not in the 192.168.0 address range. You could use:
<deny-address> <host>192.168.0.*</host> </deny-address>
This expression matches any text string that starts with "192.168.0". This example demonstrates that you should be careful with the use of the dot metacharacter (".") with hostnames and IP addresses, but that it usually provides the results you desire. In this case, the regular expression's trailing dot-asterick (".*") matches any characters that follow the string "192.168.0". The fact that the next character of an IP address is a dot is only a coincidence. In fact, as a regular expression, all hostname and IP address dots match any character. If you want to match the dot character instead of using it as a wildcard you must escape it:
<deny-address> <host>192\.168\.0\..*</host> </deny-address>
For a quick tutorial on regular expressions see Using
Regular Expressions by Stephen Ramsay, Assistant Director Electronic Text
Center, University of Virginia.
A good Java-centric regular expression article named Regular Expressions and the Java Programming Language is found at the Java Developer's Connection.
If you are interested in more detailed information about regular expressions and their variants (POSIX regex, Perl regex, etc.) read the following dedicated book to this topic:
Mastering Regular Expressions
Jeffrey E.F. Friedl
Nutshell Handbook Series
O'Reilly & Associates, Inc. 1997
ISBN 1-56592-257-3
© Copyright 1996-2008 Cafésoft LLC. All rights reserved.