# URL Patterns & Resource URL Patterns

## Overview

This guide will go over the following PAM settings section for the PAM Browser Record:

* URL Patterns
* Resource URL Patterns

## URL Patterns & Resource URL Patterns <a href="#url-patterns" id="url-patterns"></a>

The format of the URL patterns accepted by the “Allowed URL Patterns” and “Allowed Resource URL Patterns” parameters is identical to any URL and dictates exactly which URLs are allowed to be used. They are enforced according to the following criteria:

* Any aspect of the URL that is omitted from the pattern is ignored (not enforced as a requirement), except that standard port numbers are considered to have been specified if a scheme is specified.
* A `*.` wildcard prefix may be used for domain names to indicate "any subdomain of a particular domain".
* A `*` wildcard may be used in place of a path to more visibly and explicitly note that any value is allowed.
* A `*` wildcard may be used at the end of a path to indicate that any subpath of that path is allowed.
* A `*` wildcard may be used in place of a port number to indicate that any port is allowed.

For example:

| Pattern                     | Meaning                                                                                                                                                               |
| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `accounts.google.com`       | Allow requests to the domain `accounts.google.com` involving any protocol and any path. Requests must be made to the standard port for whatever protocol is involved. |
| `*.youtube.com`             | Allow requests to any subdomain of `youtube.com` involving any protocol and any path. Requests must be made to the standard port for whatever protocol is involved.   |
| `http://10.10.10.10:8080`   | Allow requests to `10.10.10.10` on port `8080` using strictly HTTP (not HTTPS) and any path.                                                                          |
| `10.10.10.10:*`             | Allow requests to `10.10.10.10` on any port using any protocol and any path.                                                                                          |
| `https://example.net/foo`   | Allow requests to `example.net` using strictly HTTPS (not HTTP) and the path “/foo”. Requests must be made to the standard port for HTTPS.                            |
| `https://example.net/foo/*` | Allow requests to `example.net` using strictly HTTPS (not HTTP) and any path beneath “/foo”. Requests must be made to the standard port for HTTPS.                    |
| `google.com`                | This would allow any protocol or path from `google.com` root domain, but does not allow a subdomain.                                                                  |

In the next section, we'll cover the [autofill capabilities](/en/keeperpam/privileged-access-manager/remote-browser-isolation/setting-up-rbi/browser-autofill.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.keeper.io/en/keeperpam/privileged-access-manager/remote-browser-isolation/setting-up-rbi/url-patterns-and-resource-url-patterns.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.