Hi All, Got a regex thing I can't explain, but it may of course be down to my inexperience with regexs generally. Please forgive the non-ideal email address regex, it's not great, but not really my focus here at this point, I aim to improve it. For now it's as simple as I can make it, having paired it down to hopefully find the problem. We're using a captive portal which only allows pass-through of a username and password as user "fields". The system uses voucher auth, so we don't actually use the password field for a password, rather using it to capture email address, browser agent, version and OS details from the client's browser. This is a via the user-password string in the format field:<string> field2:<string> - fields, with the string following a colon, separated by spaces. e.g. email:my.email@address.com browseragent:safari version:7 os:ios5 The string is passed through a few regexes, each picking off the field string in a capture group. It's failing on the first, the email regex being pretty simple: ^email:([a-z0-9._-]+@[a-z0-9.-]+\.[a-z]{2,4}) I've tried various delimiters but all result in the same issue: email:my.email@address.com,browseragent:safari,version:7,os:ios5 email:my.email@address.com#browseragent:safari#version:7#os:ios5 I've also tried compiling with and without libpcre3-dev, same - the regex is not stopping at the space or , or #, whatever delimiter I choose. The non email regexes seem to work ok.. Code : (in policy.d folder) email_regexp= "^email:([a-z0-9._-]+@[a-z0-9.-]+\\.[a-z]{2,4})" if ("%{User-Password}" =~ /${policy.email_regexp}/){ update control { Email-Address := "%{1}" } } Result: ? if ("%{User-Password}" =~ /^email:([a-z0-9._-]+@[a-z0-9.-]+\.[a-z]{2,4})/) (0) expand: "%{User-Password}" -> 'email:my.email@address.com browseragent:safari version:7 os:ios5' (0) ? if ("%{User-Password}" =~ /^email:([a-z0-9._-]+@[a-z0-9.-]+\.[a-z]{2,4})/) -> TRUE (0) if ("%{User-Password}" =~ /^email:([a-z0-9._-]+@[a-z0-9.-]+\.[a-z]{2,4})/) { (0) update control { (0) expand: "%{1}" -> 'my.email@address.com brow' (0) Email-Address := "my.email@address.com brow" (0) } # update control = noop (0) [noop] = noop (0) } # if ("%{User-Password}" =~ /^email:([a-z0-9._-]+@[a-z0-9.-]+\.[a-z]{2,4})/) = noop (0) ... skipping else for request 0: Preceding "if" was taken (0) } # check_email_address check_email_address = noop (0) check_browser_agent check_browser_agent { (0) ? if ("%{User-Password}" =~ /browseragent:([a-z0-9_-]+)/) (0) expand: "%{User-Password}" -> 'email:my.email@address.com browseragent:safari version:7 os:ios5' (0) ? if ("%{User-Password}" =~ /browseragent:([a-z0-9_-]+)/) -> TRUE (0) if ("%{User-Password}" =~ /browseragent:([a-z0-9_-]+)/) { (0) update control { (0) expand: "%{1}" -> 'safari' (0) Browser-Agent := "safari" (0) } # update control = noop (0) } # if ("%{User-Password}" =~ /browseragent:([a-z0-9_-]+)/) = noop (0) } # check_browser_agent check_browser_agent = noop (0) check_browser_version check_browser_version { (0) ? if ("%{User-Password}" =~ /version:([a-z0-9_-]+)/) (0) expand: "%{User-Password}" -> 'email:my.email@address.com browseragent:safari version:7 os:ios5' (0) ? if ("%{User-Password}" =~ /version:([a-z0-9_-]+)/) -> TRUE (0) if ("%{User-Password}" =~ /version:([a-z0-9_-]+)/) { (0) update control { (0) expand: "%{1}" -> '7' (0) Browser-Version := "7" (0) } # update control = noop (0) } # if ("%{User-Password}" =~ /version:([a-z0-9_-]+)/) = noop (0) } # check_browser_version check_browser_version = noop (0) check_browser_os check_browser_os { (0) ? if ("%{User-Password}" =~ /os:([a-z0-9_-]+)$/) (0) expand: "%{User-Password}" -> 'email:my.email@address.com browseragent:safari version:7 os:ios5' (0) ? if ("%{User-Password}" =~ /os:([a-z0-9_-]+)$/) -> TRUE (0) if ("%{User-Password}" =~ /os:([a-z0-9_-]+)$/) { (0) update control { (0) expand: "%{1}" -> 'ios5' (0) Browser-OS := "ios5" I also tried a different regex, but the problems seem worse there.. ? if ("%{User-Password}" =~ /^email:([a-z0-9_-]+(\.[a-z0-9_-]+)*@[a-z0-9_-]+(\.[a-z0-9_-]+)*(\.[a-z] {2,4}))/) (1) expand: "%{User-Password}" -> 'email:my.email@address.com browseragent:safari version:7 os:ios5' (1) ? if ("%{User-Password}" =~ /^email:([a-z0-9_-]+(\.[a-z0-9_-]+)*@[a-z0-9_-]+(\.[a-z0-9_-]+)*(\.[a-z] {2,4}))/) -> TRUE (1) if ("%{User-Password}" =~ /^email:([a-z0-9_-]+(\.[a-z0-9_-]+)*@[a-z0-9_-]+(\.[a-z0-9_-]+)*(\.[a-z] {2,4}))/) { (1) update control { (1) expand: "%{1}" -> 'my.email@address.com browseragent:safari version:7 os:ios' (1) Email-Address := "my.email@address.com browseragent:safari version:7 os:ios" (1) } # update control = noop Any ideas what I'm doing wrong? Thanks andy