Regular Expressions in Policies
Next‑Gen Trust Security


The Default Value fields on the Policies page accept regular expressions so that you can match patterns instead of exact values. For example, you might allow any subdomain of a domain rather than listing each one.
This topic provides a syntax reference for common regular expression patterns used in Distributed Issuer policies, along with examples.

Syntax Reference

| Syntax | Description | Example | Matches |
| --- | --- | --- | --- |
| `*` | Matches any number of characters including none. | `^.*[.]acme[.]com` | site-1.acme.com, www.acme.com, `*.acme.com` |
| `.` | Matches a single character. | `^.?team[.]acme[.]com` | ateam.acme.com, bteam.acme.com, 1team.acme.com |
| `[abc]` | Matches one character given in the bracket. | `^[tmb]ike[.]acme[.]com` | tike.acme.com, mike.acme.com, bike.acme.com |
| `[a-z]` | Matches one character from the range given in the bracket. | `[w-z]-net[.]acme[.]com` | w-net.acme.com, x-net.acme.com, y-net.acme.com, z-net.acme.com |
| `[^0-9]` | Matches one character outside the range given in the bracket. | `^[^0-3][yz][.]acme[.]com` | 4y.acme.com, 5z.acme.com, 6y.acme.com |

Syntax Rules

When using regular expressions:
  • Anchor the pattern: Prefix regular expressions with ^ and end them with $ to match the entire value.
  • Match any characters: Use .* to match any characters. For example, .*$ matches any suffix.

Examples

The following examples show regular expressions you can enter in the Default Value fields on the Policies page.

Common Name: All subdomains of acme.com
    ^(?:\.|(?:[A-Za-z0-9-]+\.)*)acme\.com$

DNS: All subdomains except wildcards for a domain
    ^[a-zA-Z0-9_-]+[.]acme[.]com$

IP Addresses: RFC 1918 IPv4 private IPs
    ^(?:10(?:\.\d{1,3}){3}|172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2}|192\.168(?:\.\d{1,3}){2})$

URI Address: Subdomains of a domain with specific schemes
    ^(https|ldaps|spiffe)://.*\.acme\.com$

Email Address: All addresses that end in a specific domain
    ^(?:[A-Za-z0-9._%+-]+)?@acme\.com$
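
The check below is an added example, not part of the original documentation or the product's code: it runs the patterns from the Examples section against constructed sample values and shows what the anchoring rule under Syntax Rules changes for the unanchored [w-z]-net[.]acme[.]com pattern from the syntax table. It assumes Python's re.search as a stand-in for the policy engine's matcher, which this page does not name; accepts, anchored and audit are hypothetical helper names.

```python
import re

# Patterns copied verbatim from the Examples section above.
PAGE_PATTERNS = {
    "cn": r"^(?:\.|(?:[A-Za-z0-9-]+\.)*)acme\.com$",
    "dns": r"^[a-zA-Z0-9_-]+[.]acme[.]com$",
    "ip": r"^(?:10(?:\.\d{1,3}){3}|172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2}"
          r"|192\.168(?:\.\d{1,3}){2})$",
    "uri": r"^(https|ldaps|spiffe)://.*\.acme\.com$",
    "email": r"^(?:[A-Za-z0-9._%+-]+)?@acme\.com$",
}

# Constructed sample values: (field, value, should the policy allow it?)
CASES = [
    ("cn", "a.b.acme.com", True), ("cn", "www.acme.com.example.org", False),
    ("cn", "notacme.com", False),
    ("dns", "site-1.acme.com", True), ("dns", "*.acme.com", False),
    ("ip", "172.16.0.1", True), ("ip", "172.32.0.1", False),
    ("ip", "192.168.1.10", True), ("ip", "10.999.1.1", False),
    ("uri", "spiffe://ns.acme.com", True), ("uri", "http://www.acme.com", False),
    ("uri", "https://example.net/.acme.com", False),
    ("email", "alice@acme.com", True),
    ("email", "alice@acme.com.example.org", False),
]


def accepts(pattern, value):
    # Assumption: the policy engine searches for the pattern anywhere in the
    # value, so only ^ and $ inside the pattern force a whole-value match.
    return re.search(pattern, value) is not None


def anchored(pattern):
    # Add ^ and $ when missing (simple check; ignores an escaped trailing \$).
    head = "" if pattern.startswith("^") else "^"
    tail = "" if pattern.endswith("$") else "$"
    return f"{head}(?:{pattern}){tail}"


def audit(patterns, cases):
    # Return every case where the pattern's verdict differs from the intent.
    return [(f, v) for f, v, want in cases if accepts(patterns[f], v) != want]


if __name__ == "__main__":
    for field, value in audit(PAGE_PATTERNS, CASES):
        print(f"{field}: verdict differs from intent for {value!r}")
```

With these samples, audit reports two values that the page's patterns accept: 10.999.1.1, because each octet is only checked for one to three digits, and https://example.net/.acme.com, because .* also spans the / that separates host from path.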