On Tue, Sep 16, 2014 at 5:27 PM, John Hardin <jhar...@impsec.org> wrote:
> On Tue, 16 Sep 2014, francis picabia wrote: > > Hello, >> >> We just received the most authentic looking phishing I've seen. It was >> professionally written, included a nice signature in the style used by >> people at my workplace, and the target link was an exact replica of an >> ezproxy website we run. >> >> The URL domain was only different by a few letters. I'm thinking we will >> see more of these. So here is a question perhaps someone can solve and >> many of us can benefit from... >> >> How can I make a uri rule which matches >> >> example.com.junk/ >> but does not match >> example.com/ >> > > uri URI_EXAMPLE_EXTRA m;^https?://(?:www\.)?example\.com[^/?];i > > > That's a great one liner. I'm glad I asked. Thank you for this.