
Are wildcards in URL filtering supported?

ryan14
Level 1

I am cleaning up my policy rules and wondering if an asterisk can be used in an ACP? I have read this post, but it is from several years ago and I am not sure if it is still an issue:

https://community.cisco.com/t5/firepower/using-wildcard-in-url-filtering/td-p/3196891

6 Replies

Muhammad Awais Khan
Cisco Employee

Hi,

I have seen * in SSL Decryption policies and it worked fine. For a URL filtering rule, I can do a test shortly if someone else didn't configure it recently :)

nspasov
Cisco Employee

Wildcards are not supported in the ACP. However, for URL objects, an empty space equals any character, like a wildcard. E.g., a value of cisco.com will match www.cisco.com and will also match www.sanfrancisco.com. On the other hand, if you wanted to match on only cisco.com, then you can use .cisco.com or www.cisco.com.

I hope this helps!

Thank you for rating helpful posts!

Is it best practice to use a . for matching subdomains?

Would cisco.com in the ACP whitelist policy whitelist:

malicioussitecisco.com ?

.cisco.com would, I think, prevent the above site from being whitelisted.

Muhammad Awais Khan
Cisco Employee

Hi,

I just did a test on FMC 6.4.0.4. The first time I used a plain URL without any regex, and URL blocking worked fine. When I used * in the URL list, it no longer blocked that URL. Have a look at the attached snapshot.

That's what led to my confusion about why my asterisk (used as a wildcard) worked in my SSL policy but not in the ACP.

Rokib Hasan
Level 1

Firepower does support wildcards, but not in the (*.microsoft.com) format; rather, it supports the (.microsoft.com) format. You can create a URL object with the value (.microsoft.com) to block all microsoft.com domains; it will block support.microsoft.com, www.update.microsoft.com, or any other subdomain before .microsoft.com. So use a dot (.) instead of an asterisk (*) and it will work fine. I am testing it in a production environment.
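The match behaviour described in the replies above (a URL object value matches anywhere inside the requested host, so cisco.com also matches www.sanfrancisco.com, while a leading dot restricts the match to subdomains and a literal * matches nothing) can be modelled to audit an allow list for over-broad entries before deploying it. This is an added illustration, not Cisco code; the substring-match model and the sample hostnames are assumptions drawn from this thread.

```python
# Model of the URL-object match semantics described in this thread.
# Assumption: a URL object value is matched as a plain, case-insensitive
# substring of the requested host, and "*" is a literal character rather
# than a wildcard (so it never matches a real hostname).

def url_object_matches(value: str, host: str) -> bool:
    """Return True if a URL object value would match the given host
    under the assumed substring-match model."""
    return value.lower() in host.lower()


def over_broad_allow_entries(allow_list, hosts):
    """Report allow-list entries that would also allow hosts which are
    neither the intended domain nor one of its subdomains.

    Returns {entry: [unintended hosts it matches]}.
    """
    findings = {}
    for value in allow_list:
        intended = value.lower().lstrip(".")  # ".cisco.com" -> "cisco.com"
        for host in hosts:
            h = host.lower()
            is_intended = h == intended or h.endswith("." + intended)
            if url_object_matches(value, host) and not is_intended:
                findings.setdefault(value, []).append(host)
    return findings


# Constructed sample hostnames, including the look-alike from the thread.
SAMPLE_HOSTS = [
    "cisco.com",
    "www.cisco.com",
    "support.cisco.com",
    "www.sanfrancisco.com",
    "malicioussitecisco.com",
]

if __name__ == "__main__":
    # A bare "cisco.com" entry is over-broad; ".cisco.com" is not.
    print(over_broad_allow_entries(["cisco.com", ".cisco.com"], SAMPLE_HOSTS))
    # "*.cisco.com" matches nothing, consistent with the FMC test above.
    print(url_object_matches("*.cisco.com", "www.cisco.com"))
```

Note that under this model a leading-dot entry such as .cisco.com does not match the bare host cisco.com, so an allow list that needs the apex domain as well must list it explicitly.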
