This can be achieved by using regular expressions in the custom URL categories.
However since this is HTTPS connection and in order for the S370 to read anything after the parent domain such as www.example.com/link1, the connection will need to be decrypted (HTTPS proxy need to be enabled) first otherwise S370 can only see connection to www.example.com.
Once HTTPS connection being decrypted, it will then use access policy (in which you can include your custom URL category with regular expression in it only for that specific link).
Simple scenario for this:
1. HTTPS enable
2. Decrypt google.com from decryption policy
3. Create Custom URL category and use regular expression such as:
/www.google.com/recaptcha/api/siteverify/
or if you dont care the parent domain and only want to have "recaptcha" word in the destination link, you can use below:
/recaptcha/*
4. Access Policy that block google or all search engine category
5. Create a new access policy on the top of step# 4 and include the custom URL category that set to "Allow"
Doing the above will allow only that link while still blocking the rest of google traffic.
Regards
Handy Putra