Tags: google-cloud-platform, re2, google-cloud-armor

Using RE2 expressions in matches in GCP Cloud Armor rule


Hi, I'm trying to set up a rule in a Cloud Armor security policy to block requests where the Host is set to an IP address. This should be fairly straightforward, except I'm just getting an error in the web console when trying to apply the rule.

Here's the RE2 code for the custom rule:

!has(request.headers["Host"]) ||
request.headers["Host"] == "" ||
request.headers["Host"].matches('(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)')

We get the Host header and then use .matches() against the Host header string. The regex is fairly standard stuff but I don't get why the console is balking with this kind of error message:

1:34: token recognition error at: ''(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.'
3:82: extraneous input '3' expecting {'}', ',', IDENTIFIER}
3:84: mismatched input '(' expecting {<EOF>, 'in', '==', '!=', '<', '<=', '>=', '>', '&&', '||', '[', '{', '.', '-', '?', '+', '*', '/', '%%'}
3:28: token recognition error at: '|2'
3:40: token recognition error at: '|['
3:58: token recognition error at: '')'
3:81: expected a qualified name
3:81: undeclared reference to '*error*' (in container '')
1:1: ERROR: Cloud Armor rule matcher expression:1:33: token recognition error at: ''(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.'

I've been using the docs here


Solution

  • Hmmm, it seems that I had to double-escape the \ before the dot.

    Thus the custom rule was now:

    !has(request.headers["Host"]) ||
    request.headers["Host"] == "" ||
    request.headers["Host"].matches('(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)')
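    The following is an added example to illustrate why the double backslash is needed and to exercise the fixed rule; it is not code from the post above or from Google Cloud. The rule's string literal passes through two parsers: first the CEL lexer, which only accepts its own escape sequences (\\, \', \", \n, \t, ...) inside a quoted string, and only then RE2, which needs a literal backslash to see "\." as an escaped dot. A single "\." is therefore rejected by the CEL lexer before RE2 ever runs, which is what the "token recognition error" on the console was reporting. The script below implements a small unescaper for the subset of CEL escapes it names, uses Python's re module as a stand-in for RE2 (this pattern uses only syntax the two engines share), and treats matches() as a substring search (re.search), which is an assumption about Cloud Armor semantics; the anchored variant shows what changes if that is not wanted. Header names, sample Host values and the helper names are all constructed here.

```python
import re

# Subset of the CEL string escapes, used to simulate the lexer's handling of a
# single-quoted literal. Any other character after a backslash is rejected,
# which is the behaviour the console showed for "\." in the first rule.
_SIMPLE_ESCAPES = {"\\": "\\", "'": "'", '"': '"', "n": "\n", "r": "\r", "t": "\t"}


def unescape_cel_literal(literal: str) -> str:
    """Return the string a CEL single-quoted literal (quotes included)
    evaluates to, i.e. what matches() actually hands to RE2."""
    if len(literal) < 2 or literal[0] != "'" or literal[-1] != "'":
        raise ValueError("expected a single-quoted literal")
    body = literal[1:-1]
    out, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch != "\\":
            out.append(ch)
            i += 1
            continue
        if i + 1 >= len(body):
            raise ValueError("dangling backslash at end of literal")
        nxt = body[i + 1]
        if nxt not in _SIMPLE_ESCAPES:
            # Mirrors the lexer error: "\." is not a CEL escape sequence.
            raise ValueError(f"invalid escape sequence \\{nxt} at offset {i}")
        out.append(_SIMPLE_ESCAPES[nxt])
        i += 2
    return "".join(out)


# Exactly the text typed between the parentheses of matches(...) in the two
# rules from the post. Raw strings keep the backslashes as written in the UI.
_OCTET = r"(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
BROKEN_LITERAL = r"'(?:" + _OCTET + r"\.){3}" + _OCTET + r"'"   # one backslash
FIXED_LITERAL = r"'(?:" + _OCTET + r"\\.){3}" + _OCTET + r"'"   # two backslashes


def literal_is_valid_cel(literal: str) -> bool:
    """True if the CEL lexer would accept the string literal at all."""
    try:
        unescape_cel_literal(literal)
        return True
    except ValueError:
        return False


def host_is_ip(host: str, literal: str = FIXED_LITERAL, anchored: bool = False) -> bool:
    """Emulate request.headers["Host"].matches(literal).

    Assumption: matches() is a substring search, so the unanchored pattern also
    fires on hosts that merely contain a dotted quad (e.g. 203.0.113.7.nip.io).
    anchored=True wraps the pattern so only a bare IP, with an optional :port,
    is accepted.
    """
    pattern = unescape_cel_literal(literal)
    if anchored:
        pattern = "^(?:" + pattern + r")(?::[0-9]{1,5})?$"
    return re.search(pattern, host) is not None


def rule_blocks(headers: dict, literal: str = FIXED_LITERAL, anchored: bool = False) -> bool:
    """Evaluate the full three-clause rule from the post against a request's
    headers: missing Host, empty Host, or Host matching the IP pattern."""
    host = headers.get("Host")          # !has(request.headers["Host"])
    if host is None or host == "":      # request.headers["Host"] == ""
        return True
    return host_is_ip(host, literal, anchored)


if __name__ == "__main__":
    print("broken literal accepted by lexer:", literal_is_valid_cel(BROKEN_LITERAL))
    print("fixed literal accepted by lexer: ", literal_is_valid_cel(FIXED_LITERAL))
    print("regex seen by RE2:", unescape_cel_literal(FIXED_LITERAL))
    # Constructed sample requests, not captured traffic.
    for hdrs in ({}, {"Host": ""}, {"Host": "example.com"},
                 {"Host": "203.0.113.7"}, {"Host": "203.0.113.7:8443"},
                 {"Host": "203.0.113.7.nip.io"}):
        print(f"{str(hdrs):40} unanchored={rule_blocks(hdrs)!s:5} "
              f"anchored={rule_blocks(hdrs, anchored=True)}")
```

    Running the script shows the broken literal failing in the simulated lexer, the fixed one reaching RE2 as "\." as intended, and the difference between the unanchored rule (which also blocks hosts such as 203.0.113.7.nip.io, since they contain a dotted quad) and an anchored version; which of the two is wanted depends on whether the policy is meant to block only bare-IP Host headers.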