Wildcards in Destination Lists

Wildcards support top-level domains (TLDs) to allow or block domains in destination lists. Every domain in a block or allow destination list has an implied left-side and right-side wildcard. Secure Access also supports right-side wildcarding of URLs in block destination lists. For more information about URLs, see URLs and Right-Side Wildcarding.

Table of Contents

• Guidelines
• Domains and Wildcards
• URLs and Right-Side Wildcarding

Guidelines

• Asterisks (*) are not supported in destinations that you add to a destination list.
• Adding a TLD to an allow list may open your network to malware threats.
• Adding a TLD to a block list may block more than expected due to CNAMEs and CDNs.
• Regular expressions in URL paths are not supported for destinations that you add to a destination list.
• Secure Access requires that URLs follow RFC-3986 (Uniform Resource Identifier (URI): Generic Syntax). We recommend that you check the characters in the URL and the composition of the URL.

For more information about troubleshooting possible error conditions with destination lists, see Troubleshoot DNS Destination Lists.

Domains and Wildcards

It is not possible to use an asterisk in a wildcard to navigate to a different part of the domain. For example, the following wildcards will not work:

• *.domain.com
• subdomain.*.com
• sub*.com
• domain.*

Adding domain.com to a destination list results in requests to domain.com or its subdomains, such as www.domain.com or www.domain.com/path.

URLs and Right-Side Wildcarding

For destinations that are URLs, you can add a partial URL to a block destination list that uses right-side wildcarding.

For example:

If you add youtube.com/watch? to a block destination list, Secure Access would also block youtube.com/watch?=12345, but not www.youtube.com/watch.

For more information about URLs, see Control Access to Custom URLs.

---

Control Access to Custom URLs < Wildcards and Destination Lists > Add Top-Level Domains To Destination Lists