According to adminguide: " Block and allow lists support wildcard patterns. The following characters are considered separators: . / ? & = ; + Every substring that is separated by the characters listed above is considered a token. A token can be any number of ASCII characters that does not contain any separator character or *. For example, the following patterns are valid: *.yahoo.com (Tokens are: "*", "yahoo" and "com") www.*.com (Tokens are: "www", "*" and "com") www.yahoo.com/search=* (Tokens are: "www", "yahoo", "com", "search", "*") The following patterns are invalid because the character “*” is not the only character in the token. ww*.yahoo.com www.y*.com " * is considered wildcard but I cant find of any list that states if there are other characters with special features. I assume the + above doesnt mean "one or many" as with regexp. One thing to test is if you set this up as: 1) Deny "www.example.com/*" 2) Allow "www.example.com" But that would break probably everything with the site :smileysilly: So you would probably need to construct it as (if above works and you can only reach the root): 1) Allow "www.example.com/pics/*", "www.example.com/scripts/*" 2) Deny "www.example.com/*" 3) Allow "www.example.com" Regarding your sales vs marketing team: 1) Deny User: Sales, "www.example.com/marketing-team" 2) Deny User: Marketing, "www.example.com/sales-team" 3) Allow User: Sales and Marketing, "www.example.com" However note that some sites uses CDN's or for that matter suddently alter their URI's etc which gives that if "www.example.com/sales-team" changes into "www.example.com/sale-team" and you didnt uptime your filters the marketing will be able to reach the sale-team stuff.
... View more