Welcome to Portal

?Unknown\pull-down
feedback

Welcome to Ulaa Support

Search our knowledge base, ask the community or submit a ticket.

URL pattern format for site policy

URL patterns must be defined for multiple policies to indicate their applicable URLs. These patterns adhere to the following rules.

Valid patterns

1. “*”
This pattern matches any URL, with any scheme, port, and path.
2. “scheme://domains:port/path”
  1. The supported schemes are “http” and “https”.
  2. The scheme can be left out, along with the scheme separator “://” to match any scheme. Alternatively, a wildcard “*” can be used to the same effect.
  3. The domain is followed by a top-level domain and may be prefixed by one or more subdomains. Alternatively, a host (such as localhost) can be used instead.
  4. A domain can be prefixed by a wildcard “[*.]” to match the domain or any of its subdomains. The domain in question can be a subdomain of any level. Note the fact that the wildcard “[*.]” isn’t followed by a dot and should be prefixed directly to the domain/subdomain.
  5. A domain without the wildcard prefix will only match that exact domain and not any subdomains.
  6. The port is a number in the range 0-65535. It can be left out along with the port separator “:” or replaced by a wildcard “*” to match any port.
  7. Similarly, the path can be left out along with the part separator “/” or replaced by a wildcard “*” to match any path.
  8. Wildcards cannot be used for partially matching a scheme, domain, host, port, or path.
  9. Using multiple wildcards in the same pattern (e.g. *://google.com:*/*) is supported.
3. “scheme://a.b.c.d:port/path”
  1. Instead of a domain, an IPv4 address in the form “a.b.c.d” can be used. While the rules for schemes, ports and paths remain the same as for domain URLs, wildcards cannot be used at all for IP addresses.
4. “scheme://[a:b:c:d:e:f:g:h]:port/path”
An IPv6 address can also be used in the form “[a:b:c:d:e:f:g:h]”. The brackets are mandatory. Just like with IPv4 addresses, wildcards are not supported. Rules for schemes, ports, and paths remain the same as for domain URLs and IPv4 addresses.
5. “file://path”
  1. If the “file” scheme is used, the path has to start with a “/”, therefore “file://dir/myfile.html” is an invalid pattern. “file:///dir/myfile.html” (with three forward slashes after “file:”) needs to be used instead. The only valid file URL wildcard format is “file:///*”, which matches any valid file URL.
  2. The domain part of a file URL needs to be empty, and will match any domain (or localhost). For example, “file:///file.html” will match “file://localhost/file.html” and “file://mysite.com/file.html”.
  3. Ports cannot be used.

Invalid patterns

  1. [*.].abc.com is invalid (notice the dot before “mysite”).
  2. file://abc.com/somefile.html is invalid as the domain is non-empty (not allowed in file URLs).
  3. file://somefile.html is invalid (only two forward slashes instead of three).
  4. As is file://somefile.*. (the only valid file URL that contains a wildcard is file:///*)
  5. [*.]127.0.0.1 is invalid (using subdomains or subdomain wildcards with IP addresses is invalid).

Example patterns

  1. “*://abc.com:*/path” will match both http://abc.com:80/path and https://abc.com:443/path.
  2. [*.]abc.com will match both abc.com and subdomain.abc.com. It will also match any scheme, port, and path.
  3. [*.]oogle.com will not match google.com. It will, however, match subdomain.oogle.com.
  4. file:///foo/bar.html will match file://localhost/foo/bar.html and file://mysite.com/foo/bar.html.
  5. file:///* is valid and will match any file:// URL.
  6. Schemes, ports and paths can be used with IP addresses, for example https://[::1]:8080/myfile.html is valid.

URL blocklist examples

URL Blocklist entry
Result
abc.comDenies all requests to abc.com, www.abc.com, and sub.www.abc.com.
http://abc.comDenies all HTTP requests to abc.com and any of its subdomains, but allows HTTPS requests.
https://*Denies all HTTPS requests to any domain.
mail.abc.comDenies requests to mail.abc.com but not to www.abc.com or abc.com.
.abc.comDenies requests to abc.com but not its subdomains, like abc.com/docs.
.www.abc.comDenies requests to www.abc.com but not its subdomains.
*Denies all requests except for those to blocklist exception URLs. This includes any URL scheme, such as http://google.com, https://gmail.com, and chrome://policy.
:8080Denies all requests to port 8080.
abc.com/stuffDenies all requests to abc.com/stuff and its subdomains.
192.0.2.1Denies requests to this exact IP address.
?v
*?abc*

*?abc=*

*?abc=100*
Denies any request with the query ?abc=100.
?b=2&a=1Denies any request with the following queries: ?b=2&a=1
?a=1&b=2Denies any request with the following queries: ?a=1&b=2
?a=1&c=3&b=2Denies any request with the following queries: ?a=1&c=3&b=2
youtube.com/watch?v=abcDenies youtube video with id abc.




  • Divya . S
  • Divya . S
  • Updated: 10 months ago
Helpful?00
Share :
Comment
A
/* */
  • 12
  • Insert
  • Plain text
Add CommentCancel
(Up to 20 MB )
Follow

Subscribe to receive notifications from this article.