Examples of using wildcards in URL filtering profiles
220935
Created On 05/19/21 04:20 AM - Last Modified 04/26/23 22:38 PM
Symptom
The article helps understand why certain URL is matching or not matching a wildcard filter in customer URL category.
Example: google.com in the URL category is matching google.com.randomwebsite.com
Environment
- Palo Alto Firewall.
- PAN-OS 8.1, 9.0, 9.1, 10.0.
- URL Filtering.
Resolution
Below are examples of how various wildcard filter combinations are matching and not matching particular websites according to current expected behavior:
- *.google.com - will match blog1.blog2.google.com.au.us. and will also match blog1.google.com (without / character there is an implicit * at the end)
- ^.google.com/ - will match only blog.google.com but will not match google.com or other.blog.google.com
- google.^ - will match any website on the right. Will match google.com, google.com.au, google.com.au.us
- google.^.au/ - will match only google.com.au and google.uk.au but will not match google.com or google.com.au.website.info
- *.google.com/ - will match blog1.blog2.google.com but will not match google.com or blog.google.com.au
- *.google.com.* - will match blog1.blog2.google.com.au.us and will not match blog1.google.com
- google.com - will match google.com.au and google.com.au.website and google.com
- google.com/ - will match only google.com
- All domain/subdomain patterns also would match all subpages that are related to these domains.
- * and ^ can't be used in the same configuration on the same firewall in 9.0 and 8.1, but can be used in PAN-OS 9.1 and 10.0.
- Subpages can be matched by filter only if decryption is enabled for specific URLs.
- xyz.com/* - will match xyz.com/word1 and xyz.com/word2
- or xyz.com/word. - will only match xyz.com/word
Additional Information
URL Category Exceptions