Allow list URL patterns

guitb
Getting noticed

Within a group policy's 'Allow list URL patterns', do the following configurations have the same effect?

 

abcd.com

*.abcd.com

 

My goal is to allow all domains and subdomains of 'abcd.com'.

alemabrahao
Kind of a big deal

No, the asterisk will allow everything that comes before the dot; the URL without the asterisk will not.

For example, if you allow abcd.com and there is an ecommerce.abcd.com, you will not be able to access that URL.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
guitb
Getting noticed

Thank you @alemabrahao for the clarification.

Would you happen to know of any Meraki documentation that details this, so I can share it internally?

alemabrahao
Kind of a big deal

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering

RaphaelL
Kind of a big deal

I was under the impression that the behavior was similar to FQDN support in L3 firewall rules, which it might not be: https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/MX_Firewall_Settings#FQDN_Support

 

  1. FQDN rules imply a wildcard when no subdomain is used by prepending a * to the domain.tld. This wildcard is not shown on the Dashboard but is visible in syslog messages if syslog is configured for a network. For example, a rule to permit "yahoo.com" would permit any subdomain under yahoo.com such as mail.yahoo.com. Permitting "mail.yahoo.com" in the rule would only permit mail.yahoo.com and not the TLD or other subdomain of yahoo.com. 
ChrisJ2
Meraki Employee

Hi all,

This can be confusing, as the behavior differs from FQDN usage in L3 firewall rules.

The allow list URL Patterns does not support the use of the asterisk "*" as a wildcard within the URL.

  • The " * " (asterisk) symbol when used as part of a URL or in line with a URL is simply a regular asterisk symbol and is interpreted as part of the URL, NOT as a wildcard
  • Note that this is very rarely useful, except in URLs that actually require asterisk symbols, such as https://web.archive.org/web/*/meraki.com

The "*" can only be used as a 'catch-all' wildcard, allowing or blocking everything.

Entering abcd.com into the Allowed URL list will allow all subdomains of abcd.com, and this would be the recommended usage.


Please refer to the documentation below for more information: 

 

https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering#Using_...

If you found this post helpful, please give it kudos. If my answer solved your problem, click "accept as solution" so that others can benefit from it.
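
The rules stated in the reply above, turned into a small allow-list audit. This is an added example, not part of the thread and not Meraki's matching engine: the function names and sample list are constructed, and it models the host part only (paths, ports and schemes are ignored).

```python
def classify(entry: str) -> str:
    """Sort one allow-list entry into the three cases the reply describes."""
    entry = entry.strip().lower()
    if entry == "*":
        return "catch-all"          # a lone asterisk allows or blocks everything
    if "*" in entry:
        return "literal-asterisk"   # asterisk is an ordinary character here
    return "domain"


def covers(entry: str, host: str) -> bool:
    """True if `entry` covers `host` under the rules stated in the reply."""
    entry = entry.strip().lower()
    host = host.strip().lower().rstrip(".")
    if entry == "*":
        return True
    # A bare domain covers itself and its subdomains. An embedded asterisk gets
    # no special handling, so "*.abcd.com" only equals a host spelled that way.
    return host == entry or host.endswith("." + entry)


def audit(entries):
    """Return (entry, finding, suggested_rewrite) for entries needing review."""
    findings = []
    for raw in entries:
        entry = raw.strip()
        kind = classify(entry)
        if kind == "catch-all":
            findings.append((entry, "matches every URL", None))
        elif kind == "literal-asterisk":
            # Suggest a rewrite only for the common "*.domain" form.
            rest = entry[2:]
            fix = rest if entry.startswith("*.") and "*" not in rest else None
            findings.append((entry, "asterisk is literal, not a wildcard", fix))
    return findings


# Constructed sample allow list
SAMPLE = ["abcd.com", "*.abcd.com", "*", "web.archive.org/web/*/meraki.com"]

if __name__ == "__main__":
    for entry, finding, fix in audit(SAMPLE):
        print(f"{entry!r}: {finding}" + (f"; use {fix!r}" if fix else ""))
```
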
RaphaelL
Kind of a big deal

Hi,

You are saying it differs, but it doesn't differ in the way that, in either L3 firewall or Allowed URLs, abcd.com or *.abcd.com is equal.
