Palo Alto Networks Knowledgebase: DotW: URL Wildcard Pattern

DotW: URL Wildcard Pattern

Created On 07/18/19 19:26 PM - Last Updated 07/18/19 20:11 PM

In this week's DotW, we discuss a specific question one of our members posted in several discussions:




User oscaringosv is looking for a way to block URLs that have a specific word pattern/string.  In his example, he was looking to match on the word "good".


  • He already tried using custom URL categories with wildcards.  
  • Note that you cannot use regex in custom URL categories.


There are, however, some considerations to keep in mind when you want to use wildcards in custom URL categories.  Allow me to explain using "good" as an example:


The following characters are considered separators:
Every substring that is separated by the characters listed above is considered a token. A token can be any number of ASCII characters that does not contain any separator character or *. For example, the following patterns are valid:
* (Tokens are: "*", "good" and "com")
www.*.com (Tokens are: "www", "*" and "com")
* (Tokens are: "www", "good", "com", "search", "*")
The following patterns are invalid because the character “*” is not the only character in the token.
  • ww*
  • www.good*.com
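
The token rule above, as an added example (not Palo Alto Networks code): a Python check that tokenizes candidate custom URL category entries and reports the token that breaks the rule. The separator set `. / ? & = ; +` is an assumption taken from PAN-OS documentation, because the list did not survive on this page; the function names and sample entries are constructed for illustration.

```python
import re

# Assumption: separator characters as listed in PAN-OS documentation for
# custom URL category entries (the list is missing from this page).
SEPARATORS = "./?&=;+"
_SPLIT = re.compile("[" + re.escape(SEPARATORS) + "]")


def tokenize(pattern):
    """Split an entry into tokens at every separator character."""
    return _SPLIT.split(pattern)


def check_pattern(pattern):
    """Return (ok, reason) for one custom URL category entry."""
    for token in tokenize(pattern):
        # A token may only contain ASCII characters.
        if not token.isascii():
            return False, f"token {token!r} contains non-ASCII characters"
        # "*" is only accepted when it is the whole token.
        if "*" in token and token != "*":
            return False, f"token {token!r} mixes '*' with other characters"
    return True, "ok"


def audit(entries):
    """Check a whole list of entries before loading it into a category."""
    return {entry: check_pattern(entry) for entry in entries}


# Constructed sample entries built around the article's "good" example.
SAMPLE = [
    "*.good.com",
    "www.*.com",
    "www.good.com/search=*",
    "ww*",
    "www.good*.com",
    "*good*",  # substring match on "good": not expressible with wildcards
]

if __name__ == "__main__":
    for entry, (ok, reason) in audit(SAMPLE).items():
        status = "valid  " if ok else "INVALID"
        print(f"{status} {entry:24} {tokenize(entry)}  {reason}")
```

The last sample entry shows why the original request cannot be met with a custom URL category: matching "good" anywhere inside a token requires `*` to share a token with other characters.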


Looking for an alternative, user oscaringosv found a discussion with a possible workaround.


The above discussion talks about using a signature-based custom application.

While custom applications with signatures can be very useful, they do have minimum requirements. For example, the pattern used must be a minimum of 7 bytes.


More details on how to create custom application signatures and requirements can be found here:


You can follow both discussions in the links below:


Cheers!



