URL Patterns & Resource URL Patterns

Allowed URLs and Resources in the Remote Browser Isolation session

Overview

This guide will go over the following PAM settings section for the PAM Browser Record:

  • URL Patterns

  • Resource URL Patterns

URL Patterns & Resource URL Patterns

The format of the URL patterns accepted by the “Allowed URL Patterns” and “Allowed Resource URL Patterns” parameters is identical to any URL and dictates exactly which URLs are allowed to be used. They are enforced according to the following criteria:

  • Any aspect of the URL that is omitted from the pattern is ignored (not enforced as a requirement), except that standard port numbers are considered to have been specified if a scheme is specified.

  • A *. wildcard prefix may be used for domain names to indicate "any subdomain of a particular domain".

  • A * wildcard may be used in place of a path to more visibly and explicitly note that any value is allowed.

  • A * wildcard may be used at the end of a path to indicate that any subpath of that path is allowed.

  • A * wildcard may be used in place of a port number to indicate that any port is allowed.

For example:

Pattern

Meaning

accounts.google.com

Allow requests to the domain accounts.google.com involving any protocol and any path. Requests must be made to the standard port for whatever protocol is involved.

*.youtube.com

Allow requests to any subdomain of youtube.com involving any protocol and any path. Requests must be made to the standard port for whatever protocol is involved.

http://10.10.10.10:8080

Allow requests to 10.10.10.10 on port 8080 using strictly HTTP (not HTTPS) and any path.

10.10.10.10:*

Allow requests to 10.10.10.10 on any port using any protocol and any path.

https://example.net/foo

Allow requests to example.net using strictly HTTPS (not HTTP) and the path “/foo”. Requests must be made to the standard port for HTTPS.

https://example.net/foo/*

Allow requests to example.net using strictly HTTPS (not HTTP) and any path beneath “/foo”. Requests must be made to the standard port for HTTPS.

google.com

This would allow any protocol or path from google.com root domain, but does not allow a subdomain.

In the next section, we'll cover the autofill capabilities.

Last updated

Was this helpful?