Problem with HTTP filtering syntax

We've been using the HTTP filtering to block access to websites that carry malware (primarily free dns hosts) and it has worked well. Unfortunately we ran in to a conflict due to the relatively primitive syntax when it comes to creating a mask.

I created one for ce.ms, using the mask *ce.ms* as the Eset KB recommends I should. Unfortunately these free DNS hosts use such short name that it is possible to create conflicts in the masks like this one did with the website police.msu.edu

I got around it by changing my masks to include a leading period like *.ce.ms*, but even that leaves a lot of ambiguity that could result in further conflicts with any number of other small domain names I am blocking. My idea would be to allow the forward slash character to be part of a valid mask syntax as well. Then I could create masks like *.ce.ms/* which has virtually no chance of conflicting with another valid domain name.

 

I guess another thing that would be useful for troubleshooting would be to display the mask used to block the site, or maybe something getting put in to the event or threat log to help track down things like this.

 

Hello,

Your enhancement request has been forwarded to ESET's developers for consideration in a future release of the software.

Regards,

Aryeh Goretsky