Consider the
potential matches an entry might have before adding it to a URL
category exception list. Entries that do not end in a trailing slash
(/) or asterisk (*) may match more URLs than expected, resulting
in less precise policy enforcement. For example, if you add
example.com
to
a list of allowed websites, the firewall assumes an implicit asterisk
and interprets that entry as
example.com.*
.
As a result, the firewall allows access to sites such as
example.com.test.info
.
You can construct domain entries with a trailing slash (
example.com/
)
to prevent the firewall from assuming an implicit asterisk to the
right of the domain. (See the step to
Append a Trailing
Slash for an overview of the trailing slash.)