URL Lists and Feeds: URL Syntax and Matching Criteria

Security Intelligence URL lists and feeds, including custom lists and feeds and entries in the global Block list and Do Not Block list, can include the following, which have the matching behavior as described:

Hostnames

For example, www.example.com.

URLs

example.com matches example.com and all subdomains, including www.example.com, eu.example.com, example.com/abc, and www.example.com/def -- but NOT example.co.uk or examplexyz.com or example.com.malicious-site.com

You can also include an entire URL path, such as https://www.cisco.com/c/en/us/products/security/firewalls/index.html

Note

You can create a custom URL, Network, and DNS feeds, wherin, you can add the username and password inside the URL itself, for example: https://admin:password@server.domain.com/list.txt

However, if your password contain special characters such as a colon (:) or an at sign (@), the transmission would fail. Ensure that your password does not have any special characters. Alternatively, you could use an encoded password in the URL.

A slash at the end of a URL to specify an exact match

example.com/ matches ONLY example.com; it does NOT match www.example.com or any other URL.
A wildcard (*) to represent any domain in a URL

An asterisk can represent a complete domain string separated by dots, but not a partial domain string, and not any part of the URL following the first slash.

Valid examples:
- *.example.com
- www.*.com
- example.*
  
  (This will match example.com and example.org and example.de, for example, but NOT example.co.uk)
- *.example.*
- example.*/
Invalid examples:
- example*.com
- example.com/*
IP addresses (IPv4)

For IPv6 addresses, or to use ranges or CIDR notation, use the Security Intelligence Network object.

You can include one or more wildcards representing an octet, for example 10.10.10.* or 10.10.*.*.