Regular Expressions 101

Save & Share

  • Regex Version: ver. 1
  • Update Regex
    ctrl+⇧+s
  • Save new Regex
    ctrl+s
  • Add to Community Library

Flavor

  • PCRE2 (PHP >=7.3)
  • PCRE (PHP <7.3)
  • ECMAScript (JavaScript)
  • Python
  • Golang
  • Java 8
  • .NET 7.0 (C#)
  • Rust
  • Regex Flavor Guide

Function

  • Match
  • Substitution
  • List
  • Unit Tests

Tools

Sponsors
There are currently no sponsors. Become a sponsor today!
An explanation of your regex will be automatically generated as you type.
Detailed match information will be displayed here automatically.
  • All Tokens
  • Common Tokens
  • General Tokens
  • Anchors
  • Meta Sequences
  • Quantifiers
  • Group Constructs
  • Character Classes
  • Flags/Modifiers
  • Substitution
  • A single character of: a, b or c
    [abc]
  • A character except: a, b or c
    [^abc]
  • A character in the range: a-z
    [a-z]
  • A character not in the range: a-z
    [^a-z]
  • A character in the range: a-z or A-Z
    [a-zA-Z]
  • Any single character
    .
  • Alternate - match either a or b
    a|b
  • Any whitespace character
    \s
  • Any non-whitespace character
    \S
  • Any digit
    \d
  • Any non-digit
    \D
  • Any word character
    \w
  • Any non-word character
    \W
  • Non-capturing group
    (?:...)
  • Capturing group
    (...)
  • Zero or one of a
    a?
  • Zero or more of a
    a*
  • One or more of a
    a+
  • Exactly 3 of a
    a{3}
  • 3 or more of a
    a{3,}
  • Between 3 and 6 of a
    a{3,6}
  • Start of string
    ^
  • End of string
    $
  • A word boundary
    \b
  • Non-word boundary
    \B

Regular Expression
No Match

/
/
gm

Test String

Code Generator

Language

Generated Code

import java.util.regex.Matcher; import java.util.regex.Pattern; public class Example { public static void main(String[] args) { final String regex = "([\\r\\n]+)(?=[A-Z][a-z]{2}\\s+\\d{1,2}\\s\\d{2}:\\d{2}:\\d{2}\\s)"; final String string = "Jun 26 13:46:12 128.23.84.166 [local0.err] <131>Jun 26 13:46:12 GBSDFA1AD011HMA.systems.uk.fed ASM:f5_asm=PROD\n\n" + "vs_name=\"/f5-tenant-01/XXXXXXXX\"\n" + "violations=\"HTTP protocol compliance failed\"\n" + "sub_violations=\"HTTP protocol compliance failed:Header name with no header value\"\n" + "attack_type=\"HTTP Parser Attack\"\n" + "violation_rating=\"3/5\"\n" + "severity=\"Error\"\n\n" + "support_id=\"XXXXXXXXX\"\n" + "policy_name=\"/Common/waf-fed-transparent\"\n" + "enforcement_action=\"none\"\n\n" + "dest_ip_port=\"128.155.6.2:443\"\n" + "ip_client=\"128.163.192.44\"\n" + "x_forwarded_for_header_value=\"N/A\"\n\n" + "method=\"POST\"\n" + "uri=\"/auth-service/api/v2/token/refreshAccessToken\"\n" + "microservice=\"N/A\"\n" + "query_string=\"N/A\"\n" + "response_code=\"500\"\n\n" + "sig_cves=\"N/A\"\n" + "sig_ids=\"N/A\"\n" + "sig_names={N/A}\n" + "sig_set_names=\"N/A\"\n" + "staged_sig_cves=\"N/A\"\n" + "staged_sig_ids=\"N/A\"\n" + "staged_sig_names=\"N/A\"\n" + "staged_sig_set_names=\"N/A\"\n\n" + "<?xml version='1.0' encoding='UTF-8'?>\n" + "<BAD_MSG>\n" + "<violation_masks>\n" + "<block>0-0-0-0</block>\n" + "<alarm>2400500004500-106200000003e-0-0</alarm>\n" + "<learn>0-0-0-0</learn>\n" + "<staging>0-0-0-0</staging>\n" + "</violation_masks>\n" + "<request-violations>\n" + "<violation>\n" + "<viol_index>14</viol_index>\n" + "<viol_name>VIOL_HTTP_PROTOCOL</viol_name>\n" + "<http_sanity_checks_status>2</http_sanity_checks_status>\n" + "<http_sub_violation_status>2</http_sub_violation_status>\n" + "<http_sub_violation>SGVhZGVyICdBdXRob3JpemF0aW9uJyBoYXMgbm8gdmFsdWU=</http_sub_violation>\n" + "</violation>\n" + "</request-violations>\n" + "</BAD_MSG>\n" + "Jun 26 13:40:31 128.168.189.4 [local0.err] <131>2025-06-26T13:40:31+00:00 nginxplus-nginx-ingress-controller-6498464cd4-k57b5 ASM:attack_type=\"Cross Site Scripting (XSS)\",blocking_exception_reason=\"N/A\",date_time=\"2025-06-26 13:40:31\",dest_port=\"443\",ip_client=\"128.175.220.223\",is_truncated=\"false\",method=\"GET\",policy_name=\"waf-fed-enforced\",protocol=\"HTTPS\",request_status=\"blocked\",response_code=\"0\",severity=\"N/A\",sig_cves=\"N/A,N/A,N/A,N/A\",sig_ids=\"200001475,200000098,200001088,200101609\",sig_names=\"XSS script tag end (Parameter) (2),XSS script tag (Parameter),alert() (Parameter)...\",sig_set_names=\"{High Accuracy Signatures;Cross Site Scripting Signatures;Generic Detection Signatures (High Accuracy)},{High Accuracy Signatures;Cross Site Scripting Signatures;Generic Detection Signatures (High Accuracy)},{Cross Site Scripting Signatures}...\",src_port=\"64344\",sub_violations=\"N/A\",support_id=\"11720398659341069199\",threat_campaign_names=\"N/A\",unit_hostname=\"nginxplus-nginx-ingress-controller-6498464cd4-k57b5\",uri=\"/waf\",violation_rating=\"5\",vs_name=\"14-cyberwasp-sv-helloworld.ikp3001ynp.cloud.uk.fed:24-/waf\",x_forwarded_for_header_value=\"N/A\",outcome=\"REJECTED\",outcome_reason=\"SECURITY_WAF_VIOLATION\",violations=\"Attack signature detected\",json_log=\"{\"\"id\"\":\"\"11720398659341069199\"\",\"\"violations\"\":[{\"\"enforcementState\"\":{\"\"isBlocked\"\":true,\"\"isAlarmed\"\":true,\"\"isInStaging\"\":false,\"\"isLearned\"\":false,\"\"isLikelyFalsePositive\"\":false,\"\"attackType\"\":[{\"\"name\"\":\"\"Cross Site Scripting (XSS)\"\"}]},\"\"violation\"\":{\"\"name\"\":\"\"VIOL_ATTACK_SIGNATURE\"\"},\"\"signature\"\":{\"\"name\"\":\"\"XSS script tag end (Parameter) (2)\"\",\"\"signatureId\"\":200001475,\"\"accuracy\"\":\"\"high\"\",\"\"risk\"\":\"\"high\"\",\"\"hasCve\"\":false,\"\"stagingCertificationDatetime\"\":\"\"1970-01-01T00:00:00Z\"\",\"\"lastUpdateTime\"\":\"\"2025-01-08T16:57:22Z\"\"},\"\"snippet\"\":{\"\"buffer\"\":\"\"c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i\"\",\"\"offset\"\":8,\"\"length\"\":7},\"\"policyEntity\"\":{\"\"parameters\"\":[{\"\"name\"\":\"\"*\"\",\"\"level\"\":\"\"global\"\",\"\"type\"\":\"\"wildcard\"\"}]},\"\"observedEntity\"\":{\"\"name\"\":\"\"c3Zhbmdh\"\",\"\"value\"\":\"\"PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI=\"\",\"\"location\"\":\"\"query\"\"}},{\"\"enforcementState\"\":{\"\"isBlocked\"\":true,\"\"isAlarmed\"\":true,\"\"isInStaging\"\":false,\"\"isLearned\"\":false,\"\"isLikelyFalsePositive\"\":false,\"\"attackType\"\":[{\"\"name\"\":\"\"Cross Site Scripting (XSS)\"\"}]},\"\"violation\"\":{\"\"name\"\":\"\"VIOL_ATTACK_SIGNATURE\"\"},\"\"signature\"\":{\"\"name\"\":\"\"XSS script tag (Parameter)\"\",\"\"signatureId\"\":200000098,\"\"accuracy\"\":\"\"high\"\",\"\"risk\"\":\"\"high\"\",\"\"hasCve\"\":false,\"\"stagingCertificationDatetime\"\":\"\"1970-01-01T00:00:00Z\"\",\"\"lastUpdateTime\"\":\"\"2023-11-02T19:36:54Z\"\"},\"\"snippet\"\":{\"\"buffer\"\":\"\"c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i\"\",\"\"offset\"\":7,\"\"length\"\":7},\"\"policyEntity\"\":{\"\"parameters\"\":[{\"\"name\"\":\"\"*\"\",\"\"level\"\":\"\"global\"\",\"\"type\"\":\"\"wildcard\"\"}]},\"\"observedEntity\"\":{\"\"name\"\":\"\"c3Zhbmdh\"\",\"\"value\"\":\"\"PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI=\"\",\"\"location\"\":\"\"query\"\"}},{\"\"enforcementState\"\":{\"\"isBlocked\"\":false,\"\"isAlarmed\"\":true,\"\"isInStaging\"\":false,\"\"isLearned\"\":false,\"\"isLikelyFalsePositive\"\":false,\"\"attackType\"\":[{\"\"name\"\":\"\"Cross Site Scripting (XSS)\"\"}]},\"\"violation\"\":{\"\"name\"\":\"\"VIOL_ATTACK_SIGNATURE\"\"},\"\"signature\"\":{\"\"name\"\":\"\"alert() (Parameter)\"\",\"\"signatureId\"\":200001088,\"\"accuracy\"\":\"\"low\"\",\"\"risk\"\":\"\"medium\"\",\"\"hasCve\"\":false,\"\"stagingCertificationDatetime\"\":\"\"1970-01-01T00:00:00Z\"\",\"\"lastUpdateTime\"\":\"\"2025-03-19T14:09:48Z\"\"},\"\"snippet\"\":{\"\"buffer\"\":\"\"c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i\"\",\"\"offset\"\":15,\"\"length\"\":6},\"\"policyEntity\"\":{\"\"parameters\"\":[{\"\"name\"\":\"\"*\"\",\"\"level\"\":\"\"global\"\",\"\"type\"\":\"\"wildcard\"\"}]},\"\"observedEntity\"\":{\"\"name\"\":\"\"c3Zhbmdh\"\",\"\"value\"\":\"\"PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI=\"\",\"\"location\"\":\"\"query\"\"}},{\"\"enforcementState\"\":{\"\"isBlocked\"\":true,\"\"isAlarmed\"\":true,\"\"isInStaging\"\":false,\"\"isLearned\"\":false,\"\"isLikelyFalsePositive\"\":false,\"\"attackType\"\":[{\"\"name\"\":\"\"Cross Site Scripting (XSS)\"\"}]},\"\"violation\"\":{\"\"name\"\":\"\"VIOL_ATTACK_SIGNATURE\"\"},\"\"signature\"\":{\"\"name\"\":\"\"\\u003cscript\\u003ealert(1);\\u003c/script\\u003e (Parameter)\"\",\"\"signatureId\"\":200101609,\"\"accuracy\"\":\"\"high\"\",\"\"risk\"\":\"\"high\"\",\"\"hasCve\"\":false,\"\"stagingCertificationDatetime\"\":\"\"1970-01-01T00:00:00Z\"\",\"\"lastUpdateTime\"\":\"\"2020-04-12T21:41:39Z\"\"},\"\"snippet\"\":{\"\"buffer\"\":\"\"c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i\"\",\"\"offset\"\":7,\"\"length\"\":25},\"\"policyEntity\"\":{\"\"parameters\"\":[{\"\"name\"\":\"\"*\"\",\"\"level\"\":\"\"global\"\",\"\"type\"\":\"\"wildcard\"\"}]},\"\"observedEntity\"\":{\"\"name\"\":\"\"c3Zhbmdh\"\",\"\"value\"\":\"\"PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI=\"\",\"\"location\"\":\"\"query\"\"}}],\"\"enforcementAction\"\":\"\"block\"\",\"\"method\"\":\"\"GET\"\",\"\"clientPort\"\":64344,\"\"clientIp\"\":\"\"128.175.220.223\"\",\"\"host\"\":\"\"nginxplus-nginx-ingress-controller-6498464cd4-k57b5\"\",\"\"responseCode\"\":0,\"\"serverIp\"\":\"\"0.0.0.0\"\",\"\"serverPort\"\":443,\"\"requestStatus\"\":\"\"blocked\"\",\"\"url\"\":\"\"L3dhZg==\"\",\"\"virtualServerName\"\":\"\"14-cyberwasp-sv-helloworld.ikp3001ynp.cloud.uk.fed:24-/waf\"\",\"\"geolocationCountryCode\"\":\"\"US\"\",\"\"enforcementState\"\":{\"\"isBlocked\"\":true,\"\"isAlarmed\"\":true,\"\"rating\"\":5,\"\"attackType\"\":[{\"\"name\"\":\"\"Cross Site Scripting (XSS)\"\"}],\"\"ratingIncludingViolationsInStaging\"\":5,\"\"stagingCertificationDatetime\"\":\"\"1970-01-01T00:00:00Z\"\"},\"\"requestDatetime\"\":\"\"2025-06-26T13:40:31Z\"\",\"\"rawRequest\"\":{\"\"actualSize\"\":1016,\"\"httpRequest\"\":\"\"R0VUIC93YWY/c3ZhbmdhPSUzQ3NjcmlwdCUzRWFsZXJ0KDEpJTNDL3NjcmlwdCUzRSUyMiBIVFRQLzEuMQ0KaG9zdDogY3liZXJ3YXNwLXN2LWhlbGxvd29ybGQuaWtwMzAwMXlucC5jbG91ZC51ay5oc2JjDQpjYWNoZS1jb250cm9sOiBtYXgtYWdlPTANCnNlYy1jaC11YTogIk5vdChBOkJyYW5kIjt2PSI5OSIsICJHb29nbGUgQ2hyb21lIjt2PSIxMzMiLCAiQ2hyb21pdW0iO3Y9IjEzMyINCnNlYy1jaC11YS1tb2JpbGU6ID8wDQpzZWMtY2gtdWEtcGxhdGZvcm06ICJXaW5kb3dzIg0KdXBncmFkZS1pbnNlY3VyZS1yZXF1ZXN0czogMQ0KdXNlci1hZ2VudDogTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMy4wLjAuMCBTYWZhcmkvNTM3LjM2DQphY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL2F2aWYsaW1hZ2Uvd2VicCxpbWFnZS9hcG5nLCovKjtxPTAuOCxhcHBsaWNhdGlvbi9zaWduZWQtZXhjaGFuZ2U7dj1iMztxPTAuNw0Kc2VjLWZldGNoLXNpdGU6IG5vbmUNCnNlYy1mZXRjaC1tb2RlOiBuYXZpZ2F0ZQ0Kc2VjLWZldGNoLXVzZXI6ID8xDQpzZWMtZmV0Y2gtZGVzdDogZG9jdW1lbnQNCmFjY2VwdC1lbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgYnIsIHpzdGQNCmFjY2VwdC1sYW5ndWFnZTogZW4tVVMsZW47cT0wLjkNCnByaW9yaXR5OiB1PTAsIGkNCmNvb2tpZTogYWpzX3VzZXJfaWQ9NThhNzE0M2VkZjNhNTExOWI4MGMzYzQ1M2FjYmRjMTY1NWEwYTc5YTsgYWpzX2Fub255bW91c19pZD1jZTMzMmQxMi1iOTc0LTQ5ZTItYjkzYy0xNWVhYjVmYmEwNjQ7IGFtcF8zMzU1N2Q9bXJOSV9ZYTNrWlh3QUNtY1BhU2x4Ry4uLjFpbmVqdmlhdi4xaW5la240MHUuMC4wLjA7IGFtcF8zMzU1N2RfdWsuaHNiYz1tck5JX1lhM2taWHdBQ21jUGFTbHhHLi4uMWluZWp2aWIzLjFpbmVrbjQxMS4wLjAuMA0KDQo=\"\",\"\"isTruncated\"\":false},\"\"requestPolicy\"\":{\"\"fullPath\"\":\"\"waf-fed-enforced\"\"}}\",violation_details=\"<?xml version='1.0' encoding='UTF-8'?>\n" + "<BAD_MSG>\n" + "<violation_masks>\n" + "<block>400500200500-1a01030000000032-0-0</block>\n" + "<alarm>20400500200500-1ef903400000003e-7400000000000000-0</alarm>\n" + "<learn>0-0-0-0</learn>\n" + "<staging>0-0-0-0</staging>\n" + "</violation_masks>\n" + "<request-violations>\n" + "<violation>\n" + "<viol_index>42</viol_index>\n" + "<viol_name>VIOL_ATTACK_SIGNATURE</viol_name>\n" + "<context>parameter</context>\n" + "<parameter_data>\n" + "<value_error/>\n" + "<enforcement_level>global</enforcement_level>\n" + "<name>c3Zhbmdh</name>\n" + "<value>PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PiI=</value>\n" + "<location>query</location>\n" + "<expected_location>\n" + "</expected_location>\n" + "<is_base64_decoded>false</is_base64_decoded>\n" + "<param_name_pattern>*</param_name_pattern>\n" + "<staging>0</staging>\n" + "</parameter_data>\n" + "<staging>0</staging>\n" + "<sig_data>\n" + "<sig_id>200001475</sig_id>\n" + "<blocking_mask>3</blocking_mask>\n" + "<kw_data>\n" + "<buffer>c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i</buffer>\n" + "<offset>8</offset>\n" + "<length>7</length>\n" + "</kw_data>\n" + "</sig_data>\n" + "<sig_data>\n" + "<sig_id>200000098</sig_id>\n" + "<blocking_mask>3</blocking_mask>\n" + "<kw_data>\n" + "<buffer>c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i</buffer>\n" + "<offset>7</offset>\n" + "<length>7</length>\n" + "</kw_data>\n" + "</sig_data>\n" + "<sig_data>\n" + "<sig_id>200001088</sig_id>\n" + "<blocking_mask>2</blocking_mask>\n" + "<kw_data>\n" + "<buffer>c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i</buffer>\n" + "<offset>15</offset>\n" + "<length>6</length>\n" + "</kw_data>\n" + "</sig_data>\n" + "<sig_data>\n" + "<sig_id>200101609</sig_id>\n" + "<blocking_mask>3</blocking_mask>\n" + "<kw_data>\n" + "<buffer>c3ZhbmdhPTxzY3JpcHQ+YWxlcnQoMSk8L3NjcmlwdD4i</buffer>\n" + "<offset>7</offset>\n" + "<length>25</length>\n" + "</kw_data>\n" + "</sig_data>\n" + "</violation>\n" + "</request-violations>\n" + "</BAD_MSG>\",bot_signature_name=\"N/A\",bot_category=\"N/A\",bot_anomalies=\"N/A\",enforced_bot_anomalies=\"N/A\",client_class=\"Browser\",client_application=\"Chrome\",client_application_version=\"133\",request=\"GET /waf?svanga=%3Cscript%3Ealert(1)%3C/script%3E%22 HTTP/1.1\\r\\nhost: cyberwasp-sv-helloworld.ikp3001ynp.cloud.uk.fed\\r\\ncache-control: max-age=0\\r\\nsec-ch-ua: \"\"Not(A:Brand\"\";v=\"\"99\"\", \"\"Google Chrome\"\";v=\"\"133\"\", \"\"Chromium\"\";v=\"\"133\"\"\\r\\nsec-ch-ua-mobile: ?0\\r\\nsec-ch-ua-platform: \"\"Windows\"\"\\r\\nupgrade-insecure-requests: 1\\r\\nuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36\\r\\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\\r\\nsec-fetch-site: none\\r\\nsec-fetch-mode: navigate\\r\\nsec-fetch-user: ?1\\r\\nsec-fetch-dest: document\\r\\naccept-encoding: gzip, deflate, br, zstd\\r\\naccept-language: en-US,en;q=0.9\\r\\npriority: u=0, i\\r\\ncookie: ajs_user_id=58a7143edf3a5119b80c3c453acbdc1655a0a79a; ajs_anonymous_id=ce332d12-b974-49e2-b93c-15eab5fba064; amp_33557d=mrNI_Ya3kZXwACmcPaSlxG...1inejviav.1inekn40u.0.0.0; amp_33557d_uk.fed=mrNI_Ya3kZXwACmcPaSlxG...1inejvib3.1inekn411.0.0.0\\r\\n\\r\\n\",transport_protocol=\"HTTP/2.0\""; final Pattern pattern = Pattern.compile(regex, Pattern.MULTILINE); final Matcher matcher = pattern.matcher(string); while (matcher.find()) { System.out.println("Full match: " + matcher.group(0)); for (int i = 1; i <= matcher.groupCount(); i++) { System.out.println("Group " + i + ": " + matcher.group(i)); } } } }

Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Java, please visit: https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html