Examples of using wildcards in URL filtering profiles

Examples of using wildcards in URL filtering profiles

Created On 05/19/21 04:20 AM - Last Modified 04/26/23 22:38 PM


The article helps understand why certain URL is matching or not matching a wildcard filter in customer URL category.
Example: google.com in the URL category is matching google.com.randomwebsite.com


  • Palo Alto Firewall.
  • PAN-OS 8.1, 9.0, 9.1, 10.0.
  • URL Filtering.


Below are examples of how various wildcard filter combinations are matching and not matching particular websites according to current expected behavior:
  1.  *.google.com     - will match blog1.blog2.google.com.au.us. and will also match blog1.google.com (without / character there is an implicit * at the end)
  2.  ^.google.com/   - will match only blog.google.com but will not match google.com or other.blog.google.com
  3.  google.^              - will match any website on the right. Will match google.com, google.com.au, google.com.au.us
  4.  google.^.au/    - will match only google.com.au and google.uk.au but will not match google.com or google.com.au.website.info
  5.  *.google.com/   - will match blog1.blog2.google.com but will not match google.com or blog.google.com.au 
  6.  *.google.com.* - will match blog1.blog2.google.com.au.us and will not match blog1.google.com
  7.  google.com          - will match google.com.au and google.com.au.website and google.com
  8.  google.com/        - will match only google.com
  9.  All domain/subdomain patterns also would match all subpages that are related to these domains.
  10.  * and ^ can't be used in the same configuration on the same firewall in 9.0 and 8.1, but can be used in PAN-OS 9.1 and 10.0. 
  11. Subpages can be matched by filter only if decryption is enabled for specific URLs.
    •  xyz.com/* - will match xyz.com/word1 and xyz.com/word2
    • or xyz.com/word. - will only match xyz.com/word

Additional Information

URL Category Exceptions

  • Print
  • Copy Link


Choose Language