Regular Expressions 101

Save & Share

  • Regex Version: ver. 1
  • Update Regex
    ctrl+⇧+s
  • Save new Regex
    ctrl+s
  • Add to Community Library

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

/
/
gm

Test String

Code Generator

Language

Generated Code

#include <StringConstants.au3> ; to declare the Constants of StringRegExp #include <Array.au3> ; UDF needed for _ArrayDisplay and _ArrayConcatenate Local $sRegex = "(?m)([\r\n]+)(?=[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s)" Local $sString = "Jun 26 13:46:12 128.23.84.166 [local0.err] <131>Jun 26 13:46:12 GBSDFA1AD011HMA.systems.uk.fed ASM:f5_asm=PROD" & @CRLF & _ "" & @CRLF & _ "vs_name="/f5-tenant-01/XXXXXXXX"" & @CRLF & _ "violations="HTTP protocol compliance failed"" & @CRLF & _ "sub_violations="HTTP protocol compliance failed:Header name with no header value"" & @CRLF & _ "attack_type="HTTP Parser Attack"" & @CRLF & _ "violation_rating="3/5"" & @CRLF & _ "severity="Error"" & @CRLF & _ "" & @CRLF & _ "support_id="XXXXXXXXX"" & @CRLF & _ "policy_name="/Common/waf-fed-transparent"" & @CRLF & _ "enforcement_action="none"" & @CRLF & _ "" & @CRLF & _ "dest_ip_port="128.155.6.2:443"" & @CRLF & _ "ip_client="128.163.192.44"" & @CRLF & _ "x_forwarded_for_header_value="N/A"" & @CRLF & _ "" & @CRLF & _ "method="POST"" & @CRLF & _ "uri="/auth-service/api/v2/token/refreshAccessToken"" & @CRLF & _ "microservice="N/A"" & @CRLF & _ "query_string="N/A"" & @CRLF & _ "response_code="500"" & @CRLF & _ "" & @CRLF & _ "sig_cves="N/A"" & @CRLF & _ "sig_ids="N/A"" & @CRLF & _ "sig_names={N/A}" & @CRLF & _ "sig_set_names="N/A"" & @CRLF & _ "staged_sig_cves="N/A"" & @CRLF & _ "staged_sig_ids="N/A"" & @CRLF & _ "staged_sig_names="N/A"" & @CRLF & _ "staged_sig_set_names="N/A"" & @CRLF & _ "" & @CRLF & _ "<?xml version='1.0' encoding='UTF-8'?>" & @CRLF & _ "<BAD_MSG>" & @CRLF & _ "<violation_masks>" & @CRLF & _ "<block>0-0-0-0</block>" & @CRLF & _ "<alarm>2400500004500-106200000003e-0-0</alarm>" & @CRLF & _ "<learn>0-0-0-0</learn>" & @CRLF & _ "<staging>0-0-0-0</staging>" & @CRLF & _ "</violation_masks>" & @CRLF & _ "<request-violations>" & @CRLF & _ "<violation>" & @CRLF & _ "<viol_index>14</viol_index>" & @CRLF & _ "<viol_name>VIOL_HTTP_PROTOCOL</viol_name>" & @CRLF & _ "<http_sanity_checks_status>2</http_sanity_checks_status>" & @CRLF & _ "<http_sub_violation_status>2</http_sub_violation_status>" & @CRLF & _ "<http_sub_violation>SGVhZGVyICdBdXRob3JpemF0aW9uJyBoYXMgbm8gdmFsdWU=</http_sub_violation>" & @CRLF & _ "</violation>" & @CRLF & _ "</request-violations>" & @CRLF & _ "</BAD_MSG>" & @CRLF & _ "Jun 26 13:40:31 128.168.189.4 [local0.err] <131>2025-06-26T13:40:31+00:00 nginxplus-nginx-ingress-controller-6498464cd4-k57b5 ASM:attack_type="Cross Site Scripting (XSS)",blocking_exception_reason="N/A",date_time="2025-06-26 13:40:31",dest_port="443",ip_client="128.175.220.223",is_truncated="false",method="GET",policy_name="waf-fed-enforced",protocol="HTTPS",request_status="blocked",response_code="0",severity="N/A",sig_cves="N/A,N/A,N/A,N/A",sig_ids="200001475,200000098,200001088,200101609",sig_names="XSS script tag end (Parameter) (2),XSS script tag (Parameter),alert() (Parameter)...",sig_set_names="{High Accuracy Signatures;Cross Site Scripting Signatures;Generic Detection Signatures (High Accuracy)},{High Accuracy Signatures;Cross Site Scripting Signatures;Generic Detection Signatures (High Accuracy)},{Cross Site Scripting Signatures}...",src_port="64344",sub_violations="N/A",support_id="11720398659341069199",threat_campaign_names="N/A",unit_hostname="nginxplus-nginx-ingress-controller-6498464cd4-k57b5",uri="/waf",violation_rating="5",vs_name="14-cyberwasp-sv-helloworld.ikp3001ynp.cloud.uk.fed:24-/waf",x_forwarded_for_header_value="N/A",outcome="REJECTED",outcome_reason="SECURITY_WAF_VIOLATION",violations="Attack signature detected",json_log="{""id"":""11720398659341069199"",""violations"":[{""enforcementState"":{""isBlocked"":true,""isAlarmed"":true,""isInStaging"":false,""isLearned"":false,""isLikelyFalsePositive"":false,""attackType"":[{""name"":""Cross Site Scripting (XSS)""}]},""violation"":{""name"":""VIOL_ATTACK_SIGNATURE""},""signature"":{""name"":""XSS script tag end (Parameter) (2)"",""signatureId"":200001475,""accuracy"":""high"",""risk"":""high"",""hasCve"":false,""stagingCertificationDatetime"":""1970-01-01T00:00:00Z"",""lastUpdateTime"":""2025-01-08T16:57:22Z""},""snippet"":{""buffer"":""c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i"",""offset"":8,""length"":7},""policyEntity"":{""parameters"":[{""name"":""*"",""level"":""global"",""type"":""wildcard""}]},""observedEntity"":{""name"":""c3Zhbmdh"",""value"":""PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI="",""location"":""query""}},{""enforcementState"":{""isBlocked"":true,""isAlarmed"":true,""isInStaging"":false,""isLearned"":false,""isLikelyFalsePositive"":false,""attackType"":[{""name"":""Cross Site Scripting (XSS)""}]},""violation"":{""name"":""VIOL_ATTACK_SIGNATURE""},""signature"":{""name"":""XSS script tag (Parameter)"",""signatureId"":200000098,""accuracy"":""high"",""risk"":""high"",""hasCve"":false,""stagingCertificationDatetime"":""1970-01-01T00:00:00Z"",""lastUpdateTime"":""2023-11-02T19:36:54Z""},""snippet"":{""buffer"":""c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i"",""offset"":7,""length"":7},""policyEntity"":{""parameters"":[{""name"":""*"",""level"":""global"",""type"":""wildcard""}]},""observedEntity"":{""name"":""c3Zhbmdh"",""value"":""PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI="",""location"":""query""}},{""enforcementState"":{""isBlocked"":false,""isAlarmed"":true,""isInStaging"":false,""isLearned"":false,""isLikelyFalsePositive"":false,""attackType"":[{""name"":""Cross Site Scripting (XSS)""}]},""violation"":{""name"":""VIOL_ATTACK_SIGNATURE""},""signature"":{""name"":""alert() (Parameter)"",""signatureId"":200001088,""accuracy"":""low"",""risk"":""medium"",""hasCve"":false,""stagingCertificationDatetime"":""1970-01-01T00:00:00Z"",""lastUpdateTime"":""2025-03-19T14:09:48Z""},""snippet"":{""buffer"":""c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i"",""offset"":15,""length"":6},""policyEntity"":{""parameters"":[{""name"":""*"",""level"":""global"",""type"":""wildcard""}]},""observedEntity"":{""name"":""c3Zhbmdh"",""value"":""PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI="",""location"":""query""}},{""enforcementState"":{""isBlocked"":true,""isAlarmed"":true,""isInStaging"":false,""isLearned"":false,""isLikelyFalsePositive"":false,""attackType"":[{""name"":""Cross Site Scripting (XSS)""}]},""violation"":{""name"":""VIOL_ATTACK_SIGNATURE""},""signature"":{""name"":""\u003cscript\u003ealert(1);\u003c/script\u003e (Parameter)"",""signatureId"":200101609,""accuracy"":""high"",""risk"":""high"",""hasCve"":false,""stagingCertificationDatetime"":""1970-01-01T00:00:00Z"",""lastUpdateTime"":""2020-04-12T21:41:39Z""},""snippet"":{""buffer"":""c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i"",""offset"":7,""length"":25},""policyEntity"":{""parameters"":[{""name"":""*"",""level"":""global"",""type"":""wildcard""}]},""observedEntity"":{""name"":""c3Zhbmdh"",""value"":""PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI="",""location"":""query""}}],""enforcementAction"":""block"",""method"":""GET"",""clientPort"":64344,""clientIp"":""128.175.220.223"",""host"":""nginxplus-nginx-ingress-controller-6498464cd4-k57b5"",""responseCode"":0,""serverIp"":""0.0.0.0"",""serverPort"":443,""requestStatus"":""blocked"",""url"":""L3dhZg=="",""virtualServerName"":""14-cyberwasp-sv-helloworld.ikp3001ynp.cloud.uk.fed:24-/waf"",""geolocationCountryCode"":""US"",""enforcementState"":{""isBlocked"":true,""isAlarmed"":true,""rating"":5,""attackType"":[{""name"":""Cross Site Scripting (XSS)""}],""ratingIncludingViolationsInStaging"":5,""stagingCertificationDatetime"":""1970-01-01T00:00:00Z""},""requestDatetime"":""2025-06-26T13:40:31Z"",""rawRequest"":{""actualSize"":1016,""httpRequest"":""R0VUIC93YWY/c3ZhbmdhPSUzQ3NjcmlwdCUzRWFsZXJ0KDEpJTNDL3NjcmlwdCUzRSUyMiBIVFRQLzEuMQ0KaG9zdDogY3liZXJ3YXNwLXN2LWhlbGxvd29ybGQuaWtwMzAwMXlucC5jbG91ZC51ay5oc2JjDQpjYWNoZS1jb250cm9sOiBtYXgtYWdlPTANCnNlYy1jaC11YTogIk5vdChBOkJyYW5kIjt2PSI5OSIsICJHb29nbGUgQ2hyb21lIjt2PSIxMzMiLCAiQ2hyb21pdW0iO3Y9IjEzMyINCnNlYy1jaC11YS1tb2JpbGU6ID8wDQpzZWMtY2gtdWEtcGxhdGZvcm06ICJXaW5kb3dzIg0KdXBncmFkZS1pbnNlY3VyZS1yZXF1ZXN0czogMQ0KdXNlci1hZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMy4wLjAuMCBTYWZhcmkvNTM3LjM2DQphY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuNw0Kc2VjLWZldGNoLXNpdGU6IG5vbmUNCnNlYy1mZXRjaC1tb2RlOiBuYXZpZ2F0ZQ0Kc2VjLWZldGNoLXVzZXI6ID8xDQpzZWMtZmV0Y2gtZGVzdDogZG9jdW1lbnQNCmFjY2VwdC1lbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgYnIsIHpzdGQNCmFjY2VwdC1sYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCnByaW9yaXR5OiB1PTAsIGkNCmNvb2tpZTogYWpzX3VzZXJfaWQ9NThhNzE0M2VkZjNhNTExOWI4MGMzYzQ1M2FjYmRjMTY1NWEwYTc5YTsgYWpzX2Fub255bW91c19pZD1jZTMzMmQxMi1iOTc0LTQ5ZTItYjkzYy0xNWVhYjVmYmEwNjQ7IGFtcF8zMzU1N2Q9bXJOSV9ZYTNrWlh3QUNtY1BhU2x4Ry4uLjFpbmVqdmlhdi4xaW5la240MHUuMC4wLjA7IGFtcF8zMzU1N2RfdWsuaHNiYz1tck5JX1lhM2taWHdBQ21jUGFTbHhHLi4uMWluZWp2aWIzLjFpbmVrbjQxMS4wLjAuMA0KDQo="",""isTruncated"":false},""requestPolicy"":{""fullPath"":""waf-fed-enforced""}}",violation_details="<?xml version='1.0' encoding='UTF-8'?>" & @CRLF & _ "<BAD_MSG>" & @CRLF & _ "<violation_masks>" & @CRLF & _ "<block>400500200500-1a01030000000032-0-0</block>" & @CRLF & _ "<alarm>20400500200500-1ef903400000003e-7400000000000000-0</alarm>" & @CRLF & _ "<learn>0-0-0-0</learn>" & @CRLF & _ "<staging>0-0-0-0</staging>" & @CRLF & _ "</violation_masks>" & @CRLF & _ "<request-violations>" & @CRLF & _ "<violation>" & @CRLF & _ "<viol_index>42</viol_index>" & @CRLF & _ "<viol_name>VIOL_ATTACK_SIGNATURE</viol_name>" & @CRLF & _ "<context>parameter</context>" & @CRLF & _ "<parameter_data>" & @CRLF & _ "<value_error/>" & @CRLF & _ "<enforcement_level>global</enforcement_level>" & @CRLF & _ "<name>c3Zhbmdh</name>" & @CRLF & _ "<value>PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI=</value>" & @CRLF & _ "<location>query</location>" & @CRLF & _ "<expected_location>" & @CRLF & _ "</expected_location>" & @CRLF & _ "<is_base64_decoded>false</is_base64_decoded>" & @CRLF & _ "<param_name_pattern>*</param_name_pattern>" & @CRLF & _ "<staging>0</staging>" & @CRLF & _ "</parameter_data>" & @CRLF & _ "<staging>0</staging>" & @CRLF & _ "<sig_data>" & @CRLF & _ "<sig_id>200001475</sig_id>" & @CRLF & _ "<blocking_mask>3</blocking_mask>" & @CRLF & _ "<kw_data>" & @CRLF & _ "<buffer>c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i</buffer>" & @CRLF & _ "<offset>8</offset>" & @CRLF & _ "<length>7</length>" & @CRLF & _ "</kw_data>" & @CRLF & _ "</sig_data>" & @CRLF & _ "<sig_data>" & @CRLF & _ "<sig_id>200000098</sig_id>" & @CRLF & _ "<blocking_mask>3</blocking_mask>" & @CRLF & _ "<kw_data>" & @CRLF & _ "<buffer>c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i</buffer>" & @CRLF & _ "<offset>7</offset>" & @CRLF & _ "<length>7</length>" & @CRLF & _ "</kw_data>" & @CRLF & _ "</sig_data>" & @CRLF & _ "<sig_data>" & @CRLF & _ "<sig_id>200001088</sig_id>" & @CRLF & _ "<blocking_mask>2</blocking_mask>" & @CRLF & _ "<kw_data>" & @CRLF & _ "<buffer>c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i</buffer>" & @CRLF & _ "<offset>15</offset>" & @CRLF & _ "<length>6</length>" & @CRLF & _ "</kw_data>" & @CRLF & _ "</sig_data>" & @CRLF & _ "<sig_data>" & @CRLF & _ "<sig_id>200101609</sig_id>" & @CRLF & _ "<blocking_mask>3</blocking_mask>" & @CRLF & _ "<kw_data>" & @CRLF & _ "<buffer>c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i</buffer>" & @CRLF & _ "<offset>7</offset>" & @CRLF & _ "<length>25</length>" & @CRLF & _ "</kw_data>" & @CRLF & _ "</sig_data>" & @CRLF & _ "</violation>" & @CRLF & _ "</request-violations>" & @CRLF & _ "</BAD_MSG>",bot_signature_name="N/A",bot_category="N/A",bot_anomalies="N/A",enforced_bot_anomalies="N/A",client_class="Browser",client_application="Chrome",client_application_version="133",request="GET /waf?svanga=%3Cscript%3Ealert(1)%3C/script%3E%22 HTTP/1.1\r\nhost: cyberwasp-sv-helloworld.ikp3001ynp.cloud.uk.fed\r\ncache-control: max-age=0\r\nsec-ch-ua: ""Not(A:Brand"";v=""99"", ""Google Chrome"";v=""133"", ""Chromium"";v=""133""\r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: ""Windows""\r\nupgrade-insecure-requests: 1\r\nuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36\r\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\nsec-fetch-site: none\r\nsec-fetch-mode: navigate\r\nsec-fetch-user: ?1\r\nsec-fetch-dest: document\r\naccept-encoding: gzip, deflate, br, zstd\r\naccept-language: en-US,en;q=0.9\r\npriority: u=0, i\r\ncookie: ajs_user_id=58a7143edf3a5119b80c3c453acbdc1655a0a79a; ajs_anonymous_id=ce332d12-b974-49e2-b93c-15eab5fba064; amp_33557d=mrNI_Ya3kZXwACmcPaSlxG...1inejviav.1inekn40u.0.0.0; amp_33557d_uk.fed=mrNI_Ya3kZXwACmcPaSlxG...1inejvib3.1inekn411.0.0.0\r\n\r\n",transport_protocol="HTTP/2.0"" Local $aArray = StringRegExp($sString, $sRegex, $STR_REGEXPARRAYGLOBALFULLMATCH) Local $aFullArray[0] For $i = 0 To UBound($aArray) -1 _ArrayConcatenate($aFullArray, $aArray[$i]) Next $aArray = $aFullArray ; Present the entire match result _ArrayDisplay($aArray, "Result")

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for AutoIt, please visit: https://www.autoitscript.com/autoit3/docs/functions/StringRegExp.htm