Configure filter rules using regular expression patterns

Airlock Gateway provides a sophisticated request filter engine based on an allow/deny rule concept. Each rule contains regular expression patterns as rule definitions.

First, a request must pass the allow rules. In a second step the deny rules are checked. Both allow and deny rules are based on Patterns defined by regular expressions. All patterns may be edited using the pattern pop-up.

Pattern flags

Each pattern consists of a regular expression and its flags:

Invert Result

Icon - Case Sensitivity dark

Case Sensitivity = ON: Upper and lower case are not considered to be the same.

Icon - Case Sensitivity light

Case Sensitivity = OFF: Upper and lower case are considered to be the same.

Invert Result

Icon - Invert on

Invert = ON: The result of the regular expression match is inverted.

Icon - Invert off

Invert = OFF: The result of the pattern match corresponds to the regular expression match.

Airlock Gateway Regex Format

Icon - Multiple single-line regex dark

Multiple single line regex = ON: Interpret line breaks as logical ORs.

Icon - Multiple single-line regex light

Multiple single line regex = OFF: The whole multiline field will be used as one PCRE regex.

Because named patterns tend to be quite long with the "Multiple single line regex" format, you can enter them on multiple lines to gain better readability and easier understanding.

When the "Multiple single line regex" format is turned off, a line break is interpreted as <LF> (unicode code point U+000A) rather than <CR><LF>. We recommend to use \r and \n to match a carriage return or newline, respectively. \v can be used to match any vertical white space character. To write a pattern on multiple lines, e.g. for better readability or documentation, the extended modifier (?x) can be used. In this case, following rules apply:

  • Any white space will be ignored.
  • Content between "#" and the next line break will be ignored. This is useful for adding comments to a regex.

"Multiple single line regex = OFF" example:

(?x) # Match a 20th or 21st century date in yyyy-mm-dd or yyyy/mm/dd format (?:19|20)\d\d # year ([-/]) # separator (?:0[1-9]|1[012]) # month \1 # reference to 1st separator (?:0[1-9]|[12][0-9]|3[01]) # day

Reusing patterns

Patterns are identified by their name, the pattern name must therefore be unique. You may reuse an existing pattern of the same type by selecting it from the Select template drop-down. A pattern that is shared between multiple rules or mappings is also called a shared pattern. If you modify a shared pattern, you will be prompted if you want to update all the shared instances.

Default (built-in) patterns cannot be changed. Press the Customize... button if you want to create and modify your own copy of the pattern.

Pattern tester

You may test if your pattern matches by entering a test string and pressing the Check button. The pattern tester respects both the Ignore Case and the Invert flag.

Please note that any variables (like %ENTRYHOST%) are not interpreted by the pattern tester, you must manually replace the variables with their effective value.