Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts with replies and give us your feedback.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4823
Views
5
Helpful
7
Replies

Allow list URL patterns

Go to solution
guitbbb
Level 2
Level 2

‎04-01-2025 12:40 PM

Within a group policy's 'Allow list URL patterns', do the following configurations have the same effect?

abcd.com

*.abcd.com

My goal is to allow all domains and subdomains of 'abcd.com'.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ChrisJ21
Cisco Employee
Cisco Employee

‎04-02-2025 06:56 AM

Hi all,

This can be confusing, as the behavior differs from FQDN usage in L3 firewall rules,

The allow list URL Patterns does not support the use of the Asterix "*" as a wildcard within the URL.

  • The " * " (asterisk) symbol when used as part of a URL or in line with a URL is simply a regular asterisk symbol and is interpreted as part of the URL, NOT as a wildcard
  • Note that this isvery rarely useful, except in URLs that actually require asterisk symbols, such as https://web.archive.org/web/*/meraki.com

the "*" can only be used as a 'catch-all' wildcard, allowing or blocking everything.

entering abcd.com into the Allowed URL list, will allow all subdomains of abcd.com, and this would be the recommended usage.

Please refer to the documentation below for more information:

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering#Using_the_Catch-All_Wildcard_(*)_in_URLs

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.

View solution in original post

7 Replies 7

Go to solution
aleabrahao
Meraki Community All-Star
Meraki Community All-Star

‎04-01-2025 12:45 PM

No, the asterisk will allow everything that comes before the dot, the URL without the asterisk will not.

For example, if you allow abcd.com and there is an ecommerce.abcd.com, you will not be able to access that URL.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Go to solution
guitbbb
Level 2
Level 2
In response to aleabrahao

‎04-01-2025 12:48 PM

Thank you @alessandrodematos for the clarification.

Would you happen to know of any Meraki documentation that details this, so I can share it internally?

0 Helpful

Go to solution
aleabrahao
Meraki Community All-Star
Meraki Community All-Star
In response to guitbbb

‎04-01-2025 01:00 PM

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Go to solution
Raphael_L
Meraki Community All-Star
Meraki Community All-Star

‎04-01-2025 02:05 PM

I was under the impression that the behavior was similar to FQDN support in L3 firewall rules. Which it might not https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support

  1. FQDN rules imply a wildcard when no subdomain is used by prepending a * to the domain.tld. This wildcard is not shown on the Dashboard but is visible in syslog messages if syslog is configured for a network. For example, a rule to permit "yahoo.com" would permit any subdomain under yahoo.com such as mail.yahoo.com. Permitting "mail.yahoo.com" in the rule would only permit mail.yahoo.com and not the TLD or other subdomain of yahoo.com.

Go to solution
ChrisJ21
Cisco Employee
Cisco Employee

‎04-02-2025 06:56 AM

Hi all,

This can be confusing, as the behavior differs from FQDN usage in L3 firewall rules,

The allow list URL Patterns does not support the use of the Asterix "*" as a wildcard within the URL.

  • The " * " (asterisk) symbol when used as part of a URL or in line with a URL is simply a regular asterisk symbol and is interpreted as part of the URL, NOT as a wildcard
  • Note that this isvery rarely useful, except in URLs that actually require asterisk symbols, such as https://web.archive.org/web/*/meraki.com

the "*" can only be used as a 'catch-all' wildcard, allowing or blocking everything.

entering abcd.com into the Allowed URL list, will allow all subdomains of abcd.com, and this would be the recommended usage.

Please refer to the documentation below for more information:

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering#Using_the_Catch-All_Wildcard_(*)_in_URLs

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.

Go to solution
Raphael_L
Meraki Community All-Star
Meraki Community All-Star
In response to ChrisJ21

‎04-02-2025 06:59 AM

Hi ,


You are saying it differs , but it doesn't differs in the way that either in L3 firewall or Allowed URLs : abcd.com or *.abcd.com is equal.

0 Helpful

Go to solution
ChrisJ21
Cisco Employee
Cisco Employee

‎04-04-2025 01:11 AM

Hi

Thank you for your reply.

In Allowed URLs, abcd.com will allow all subdomains of abcd.com , whereas "*abcd.com" will only allow the URL "*.abc.com" which is unlikely to be useful.

  • The " * " (asterisk) symbol when used as part of a URL or in line with a URL is simply a regular asterisk symbol and is interpreted as part of the URL, NOT as a wildcard.
If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
0 Helpful
Customers Also Viewed These Support Documents