From 15c5b519450558dff5943da198ab556e2c2af6e4 Mon Sep 17 00:00:00 2001 From: Russell Hancox Date: Tue, 13 Feb 2024 16:21:03 -0500 Subject: [PATCH] docs: Document that *PathRegex does not work on symlinks --- docs/deployment/configuration.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/deployment/configuration.md b/docs/deployment/configuration.md index fe5f6717d..c4c4a9765 100644 --- a/docs/deployment/configuration.md +++ b/docs/deployment/configuration.md @@ -114,6 +114,17 @@ them to. The following sequences will be replaced in the final URL: For example: `https://sync-server-hostname/%machine_id%/%file_sha%` +### AllowedPathRegex/BlockedPathRegex + +These regexes can be used to allow/block binaries based on the executable path. +We strongly discourage the use of this as it can be relatively trivial to bypass +but there are some circumstances where it is the only option. + +It's important to note that the path matched against these regexes is the full +absolute path of the binary file. Symlinks in the path will have already been +followed by the time Santa processes the execution and matches against the +regex. + ### Static Rules Static rules are rules that are defined inline in the Santa configuration. These
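
Review bot: The second paragraph of the new "AllowedPathRegex/BlockedPathRegex" section (hunk at @@ -114,6 +114,17 @@) says symlinks "will have already been followed" but never states what that means for someone writing a rule: a pattern written against a symlinked path will not match, because only the resolved absolute path is compared. Consider saying so directly and adding one short example that pairs a symlinked path with its resolved form and the regex that would match it. This would also bring the text in line with the subject line, which says the regexes do "not work on symlinks" while the body only describes resolution order. In the first paragraph, "the use of this" refers to two keys and would read better as "the use of these". The claim that path matching is "relatively trivial to bypass" would be more useful with a brief reason or a pointer to the rule types the docs recommend instead. The section also does not say which key takes precedence when a path matches both regexes, which readers configuring both will need to know.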