Wildcards in Destination Lists
Cisco Secure Access supports adding domains in destination lists. Every domain in a block or allow destination list has an implied left-side and right-side wildcard. Secure Access also supports right-side wildcarding of URLs in block destination lists. For more information about URLs, see URLs and Right-Side Wildcarding.
Table of Contents
Guidelines
- Asterisks (*) are not supported in destinations that you add to a destination list.
- Regular expressions in URL paths are not supported for destinations that you add to a destination list.
- Secure Access requires that URLs follow RFC-3986 (Uniform Resource Identifier (URI): Generic Syntax).
We recommend that you check the characters in the URL and the composition of the URL.
For more information about troubleshooting possible error conditions with destination lists, see Troubleshoot DNS Destination Lists.
Domains and Wildcards
| Destination List Entry | Implied Wildcard |
|---|---|
| domain.com | *.domain.com/* |
| www.domain.com | *.[www.domain.com/\](http://www.domain.com/\)\* |
Unsupported Domain Entries in Destination Lists
It is not possible to use an asterisk in a wildcard to navigate to a different part of the domain. For example, the following wildcards will not work:
- *.domain.com
- subdomain.*.com
- sub*.com
- domain.*
Adding domain.com to a destination list results in requests to domain.com or its subdomains, such as www.domain.com or www.domain.com/path.
URLs and Right-Side Wildcarding
For destinations that are URLs, you can add a partial URL to a block destination list that uses right-side wildcarding.
For example:
If you add youtube.com/watch? to a block destination list, Secure Access would also block youtube.com/watch?=12345, but not www.youtube.com/watch.
For more information about URLs, see Control Access to Custom URLs.
Control Access to Custom URLs < Wildcards and Destination Lists > Troubleshoot Destination Lists
Updated 8 days ago