PAC file matching host with wildcard entries

,

Hey there, Im trying to understand how Zscaler matches the host wildcard entries?

shExpMatch(host, “.abc.”) ||
shExpMatch(host, “.def.”) ||
shExpMatch(host, “*.abcdef.com”)

My understanding is

anything.abc.anything
anything.def.anything
anything.abcdef.com

Is this correct?

Does abcdef.anything.com matches in .def. ?

Gokul,

I have been testing this recently as well and found there is a misunderstanding on the use, even in our default PAC. The (.) period means to match any character. your first two rules will match any domain that has abc or def. Your third rule will never be hit.

anything.abcdef.com will match shExpMatch(host, “.abc.”) ||.

My suggestion is to use dnsDomainIs where ever possible and not use shExpMatch.

To test this go to this site. https://app.thorsen.pm/proxyforurl and plug in the below PAC.

function FindProxyForURL(url, host) {

if (
shExpMatch(host, “abc”))
return “DIRECT1”;

if (
shExpMatch(host, “.def?”))
return “DIRECT2”;

if (
shExpMatch(host, “*.abcdef.com”))
return “DIRECT3”;

}

Hope this helps.

-Todd Harcourt-

| gocool Gokul Zscaler Certified Engineer
July 26 |

  • | - |

Hey there, Im trying to understand how Zscaler matches the host wildcard entries?

shExpMatch(host, “.abc.”) ||
shExpMatch(host, “.def.”) ||
shExpMatch(host, “*.abcdef.com”)

My understanding is

anything.abc.anything
anything.def.anything
anything.abcdef.com

Is this correct?

Does abcdef.anything.com matches in .def. ?

1 Like

Hello Todd - Thanks for the insights. If that is the case, does abcdef.anything.com matches line 1 or line 2 or both(but line 2 will never hit as 1 will shadow 2)?