Domain List

You can use placeholder characters in domain lists to configure a single entry to match against multiple website subdomains, pages, including entire top-level domains, as well as matches to specific web pages.
Follow these guidelines when creating domain list entries:
  • Enter each domain name in a new line; URLs or IP addresses are not supported in this list.
  • Do not prefix the domain name with the protocol, http:// or https://.
  • The following characters are considered token separators: . / ? & = ; +
    Every string separated by one or two of these characters is a token. Use wildcard characters as token placeholders, indicating that a specific token can contain any value.
  • You can use an asterisk (*) to indicate a wildcard value.
  • You can use a caret (^) to indicate an exact match value.
  • Wildcard characters must be the only character within a token; however, an entry can contain multiple wildcards.
When to use asterisk (*) wildcards:
Use an asterisk (*) wildcard to indicate one or multiple variable subdomains. For example, to specify enforcement for Palo Alto Network’s website regardless of the domain extension used, which might be one or two subdomains depending on location, you would add the entry: * This entry would match to both and
You can also use this wildcard to indicate entire top-level domains. For example, to specify enforcement of a TLD named .work , you would add the entry: *.work. This matches against all websites ending with .work.
The (*) wildcard can only be prepended in domain entries.
When to use a caret (^) character:
Use carets (^) to indicate an exact match of a subdomain. For example, ^ matches only to This entry does not match to any other site.

EDL Domain List—Wildcard Examples

The following tables lists examples of EDL domain list entries using wildcards, and examples of the sites that these entries match to.
EDL Domain List EntryMatching Sites
*.clickmatches against all websites ending with a top-level domain of .click.

Related Documentation