URL Patterns & Resource URL Patterns
Allowed URLs and Resources in the Remote Browser Isolation session
Overview
This guide will go over the following PAM settings section for the PAM Browser Record:
URL Patterns
Resource URL Patterns
URL Patterns & Resource URL Patterns
The format of the URL patterns accepted by the “Allowed URL Patterns” and “Allowed Resource URL Patterns” parameters is identical to any URL and dictates exactly which URLs are allowed to be used. They are enforced according to the following criteria:
Any aspect of the URL that is omitted from the pattern is ignored (not enforced as a requirement), except that standard port numbers are considered to have been specified if a scheme is specified.
A
*.
wildcard prefix may be used for domain names to indicate "any subdomain of a particular domain".A
*
wildcard may be used in place of a path to more visibly and explicitly note that any value is allowed.A
*
wildcard may be used at the end of a path to indicate that any subpath of that path is allowed.A
*
wildcard may be used in place of a port number to indicate that any port is allowed.
For example:
Pattern
Meaning
accounts.google.com
Allow requests to the domain accounts.google.com
involving any protocol and any path. Requests must be made to the standard port for whatever protocol is involved.
*.youtube.com
Allow requests to any subdomain of youtube.com
involving any protocol and any path. Requests must be made to the standard port for whatever protocol is involved.
http://10.10.10.10:8080
Allow requests to 10.10.10.10
on port 8080
using strictly HTTP (not HTTPS) and any path.
10.10.10.10:*
Allow requests to 10.10.10.10
on any port using any protocol and any path.
https://example.net/foo
Allow requests to example.net
using strictly HTTPS (not HTTP) and the path “/foo”. Requests must be made to the standard port for HTTPS.
https://example.net/foo/*
Allow requests to example.net
using strictly HTTPS (not HTTP) and any path beneath “/foo”. Requests must be made to the standard port for HTTPS.
google.com
This would allow any protocol or path from google.com
root domain, but does not allow a subdomain.
In the next section, we'll cover the autofill capabilities.
Last updated
Was this helpful?