
All microsoft delivery optimization - regex....

  • 7 February 2024
  • 2 replies
  • 148 views

We block the download of certain files, such as msi and exe. Microsoft delivery optimization uses random IPs within the URL to download these updates, and some IPs might not even be owned by Microsoft. Below is an example of a download:
 

151.139.71.28/filestreamingservice/files/814b848b-a4e4-48f7-9dc0-b18b57f6c9f3?P1=1707275479&P2=404&P3=2&P4=XS3dTPEuizRfF1O1rjyxG4xt4%2f7vGGgU0h4OKnajgEDC0tollwGtN5fmEf1kuPFohFTDKuVPTCg9zrAoEck6sQ%3d%3d&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com

We would like to include a regex or some sort of wildcard to allow these. The URL always seems to include:

delivery.mp.microsoft.com

When we allow URLs, we add the URLs to a URL list, which is tied to a category. I see we can use regex, but I am not certain whether the URL needs the hostname. I am also not sure how the regex would look. I opened a case with support, but they referred me to the regex101 website, and that was really it, so I am hoping the Netskope community might be able to assist.


Best answer by nduda 7 February 2024, 09:29


I was just talking about this in another thread here. We have a URL list that resolves this. We haven't had to update it in a while, but it's easy enough if we have to.

\b(?:\d{1,3}\.){3}\d{1,3}\b\/filestreamingservice\/files\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*\/filestreamingservice\/files\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*.intunewin.bin
\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*\/ctldl.windowsupdate.com\/msdownload\/update\/v3\/static\/trustedr\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/pr\/.*\/Office\/Data\/.*
\b(?:\d{1,3}\.){3}\d{1,3}\b\/d\/msdownload\/.*


And you can see the first regex in my list matches the example you gave
https://regex101.com/r/9OUCNc/1

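An added example, not part of the original thread or of Netskope's documentation: it runs the six posted patterns against the URL from the question and against a few constructed URLs, next to a tightened form of the first pattern that is anchored at the start and limits each octet to 0-255. `STRICT_FIRST`, the function names and the constructed URLs are hypothetical, and Python's `re.search` is assumed as a stand-in for the URL list's matcher, which may anchor or interpret patterns differently.

```python
import re

# The six patterns exactly as posted in the answer above.
POSTED = [
    r"\b(?:\d{1,3}\.){3}\d{1,3}\b\/filestreamingservice\/files\/.*",
    r"\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*\/filestreamingservice\/files\/.*",
    r"\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*.intunewin.bin",
    r"\b(?:\d{1,3}\.){3}\d{1,3}\b\/.*\/ctldl.windowsupdate.com\/msdownload\/update\/v3\/static\/trustedr\/.*",
    r"\b(?:\d{1,3}\.){3}\d{1,3}\b\/pr\/.*\/Office\/Data\/.*",
    r"\b(?:\d{1,3}\.){3}\d{1,3}\b\/d\/msdownload\/.*",
]

# Hypothetical tightened form of the first pattern (not from the thread):
# anchored at the start of the URL, each octet limited to 0-255.
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
STRICT_FIRST = rf"^(?:{OCTET}\.){{3}}{OCTET}\/filestreamingservice\/files\/.*"

# Download URL quoted in the question.
QUESTION_URL = (
    "151.139.71.28/filestreamingservice/files/814b848b-a4e4-48f7-9dc0-b18b57f6c9f3"
    "?P1=1707275479&P2=404&P3=2&P4=XS3dTPEuizRfF1O1rjyxG4xt4%2f7vGGgU0h4OKnajgEDC0"
    "tollwGtN5fmEf1kuPFohFTDKuVPTCg9zrAoEck6sQ%3d%3d"
    "&cacheHostOrigin=msedge.b.tlu.dl.delivery.mp.microsoft.com"
)

# Constructed URLs (not from the thread) that an allow list should be checked against.
CONSTRUCTED = {
    "octet_out_of_range": "999.999.999.999/filestreamingservice/files/x",
    "ip_only_in_path": "host.example.test/a/10.0.0.1/filestreamingservice/files/x",
    "other_path": "151.139.71.28/downloads/setup.exe",
}

def posted_hits(url):
    """Return the 1-based positions of the posted patterns that match url."""
    return [i for i, p in enumerate(POSTED, 1) if re.search(p, url)]

def strict_hit(url):
    """Return True if the tightened first pattern matches url."""
    return re.search(STRICT_FIRST, url) is not None

if __name__ == "__main__":
    for name, url in {"question": QUESTION_URL, **CONSTRUCTED}.items():
        print(f"{name:20} posted={posted_hits(url)} strict={strict_hit(url)}")
```
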