Improving filters with wildcards!


NG Firewall supports the use of wildcards (*) in most rules. These can make your life a great deal easier!

Wildcards in Web Filter

For example, let's take Web Filter. Web Filter is a very literal application, in that it does exactly what you tell it to do. You might try entering into Web Filter's Block Sites page, only to find it doesn't block Facebook. This is because of the difference between the two URLs: vs

Since the two are different, Web Filter doesn't know that you meant the second one when you entered the first one; it's just looking for exactly In this case, you'd want to use some wildcards, so change your Block Sites entry to:

  • **

This will tell Web Filter to look for anything that has somewhere in the URL, so here are some other examples of things it might catch:


A caveat is that again, Web Filter is very literal. If you create a Block Site entry for ** — note the extra dot before the domain — Web Filter will require that the URL contain with the extra dot. This may lead to unpredictable and inconsistent blocking results! This is why it's important not to leave the dot before the domain.

Wildcards in other apps

This same logic applies to other applications & configurations. You might use wildcards in SSL Inspector to ensure an 'inspect' rule catches the appropriate site, in Policy Manager to move all Apple devices by MAC Address Vendor, or even in Web Filter's Pass Sites tab to allow a website that would normally be blocked by a Category.


For more information about blocking specific websites which can be difficult to block with just Web Filter, check these articles:

Was this article helpful?
0 out of 1 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.

Powered by Zendesk