03-03-2022 06:35 AM
Is anyone able to confirm this for me by chance? I'm trying to do some testing, but being able to find independent confirmation would be a nice comfort to me.
In a Custom URL category list, is an entry like:
abc.com/
equivalent to:
abc.com/*?
Thanks!
Thanks!
03-03-2022 08:14 AM
Yes. "abc.com/" will match "abc.com/index" and "abc.com/example/index". But it does not match "example.abc.com/index", so if you are trying to include/exclude all of abc.com, you need "abc.com/" and "*.abc.com/" entries.
03-03-2022 08:14 AM
Yes. "abc.com/" will match "abc.com/index" and "abc.com/example/index". But it does not match "example.abc.com/index", so if you are trying to include/exclude all of abc.com, you need "abc.com/" and "*.abc.com/" entries.
03-03-2022 09:16 AM
Thanks, Adrian. We have some cluttered (and extensive) URL categories because of a multitude of instances of abc.com/ and abc.com/* being in the lists for some reason. Likely just lack of proper knowledge on someone's part.
Thanks.
03-03-2022 09:22 AM
Yeah, I recently did the same, have 20+ custom categories with hundreds of entries in many of them added by different people over the years. Consolidated them down and added proper terminating slashes, haven't seen any issues yet (knock on wood).
10-15-2024 09:42 AM
Can anyone explain what *.abc.com/* will match? For instance would it match example.abc.com/word/text ?
10-15-2024 05:19 PM
Gary, They are equivalent. You do not need the trailing asterisk.
You want the trailing slash to prevent matching abc.com.malware.lol/got-you-now
The KB should be fairly clear and fill in any gaps once you know this.
https://live.paloaltonetworks.com/t5/general-topics/url-filtering-clarification-wildcards-behavior-i...
03-04-2026 03:23 AM
This answer confuses me, according to the Palo Alto docs,
abc.com/
abc.com/*Are explicitly different.
abc.com/
matches:
abc.com
abc.com/blabla
does NOT match:
abc.com.google.com
-
abc.com/*
matches:
abc.com/blabla
abc.com/sub1/sub2
does NOT match:
abc.com
Can you confirm if my understanding is correct?
03-09-2026 10:39 AM - edited 03-09-2026 10:41 AM
@deeryolk you are correct. "abc.com/" and "abc.com/*" are explicitly different, but as used in the example there is only a single difference. Normally there is no need to include the trailing URL with a "*" as it is implied. The "." and "/" characters act as pattern delimiters, an "*" is a entry wildcard (though not quite the same as a regex wildcard), and a "^" is a single entry wildcard (but does not apply to URLs and nothing like a regex ^).
"abc.com/"
Matches:
abc.com/
abc.com/index
abc.com/subdir/index
Does not match:
example.abc.com/
abc.com.example.com/
"abc.com/*"
Matches:
abc.com/index
abc.com/subdir/index
Does not match:
abc.com/
example.abc.com/
abc.com.example.com/
"*.abc.com/"
Matches:
example.abc.com/
example.abc.com/index
example.abc.com/subdir/index
Does not match:
abc.com/
abc.com/index
abc.com/subdir/index
abc.com.example.com/
So normally if you want to allow/disallow an entire site in a custom URL Category you need the "abc.com/" and "*.abc.com/". Using the trailing asterisk forces matching any defined URL path and excludes an empty URL path (i.e. hxxps://abc.com/).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
