Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

url-pattern

Syntax

Hierarchy Level

Description

Use URL pattern lists to create custom URL category lists. These are lists of patterns that bypass scanning.

Warning:

Custom category does not take precedence over predefined categories when it has the same name as one of the predefined categories. We do not recommend having a custom category name be the same as the predefined category name.

Starting in Junos OS Release 20.4R1, the URL filtering supports the regular expression format given in Table 1.

Table 1: Regular Expression Format

Syntax

Pattern Format

Description

Example

Asterisk (*) in domain name

Pattern = [*].sub-domain..sub-domain

Asterisk should be at the head only.

Match 0-N words in domain name.

*.juniper.net

*.net

Caret (^) in domain name

Pattern = [^]..[^].sub-domain.[^]..[^].sub-domain.[^]..[^]

Caret could be at any place.

Match one word in domain name.

^.google.^.^

a.^.b

Question Mark (?) in domain name

Pattern = sub-domain.sub-domain.sub-do[?][?]

Question mark should be at the tail only.

Match one character in domain name.

dev.local?

www.yahoo.??

All wildcard

Pattern = *, or *.*, or *.*.*

Special pattern.

Match all URLs.

Same as pattern.

Prefix in URL path

Pattern = <domain-name>/[prefix]

Match the longest prefix in the URL path.

<domain>/watch?

<domain>/news/

Keywords in URL path

Pattern = <domain-name>/[prefix][*token][*token][*token]

Match keywords in URL path.

Support 0-3 tokens.

<domain>/pub/*/crypto/*.gz

<domain>/video?*key1*key

The system validate the URL patterns when you commit the configuration. If you configure an invalid pattern, the system shows a popup warning with the first bad character in (). For example, the pattern a.*.com shows a warning message Pattern a.(*).com not supported.

Starting in Junos OS Release 20.4R1, we have introduced a golden match for multiple URL patterns. When you configure multiple patterns for one domain, sometimes a specific URL could match multiple patterns, then the URL filtering module selects the best out of these patterns, which is the golden match. For the selection of the golden match, the URL filtering module prioritizes the URL pattern in the following sequence:

  1. Select the best domain name pattern to match.

  2. Within the same domain name pattern, select the longest prefix match of the URL path.

  3. Within the same domain name pattern and same URL path prefix, keyword match will take the priority.

For example, if you configure the following four patterns:

  1. Pattern 1 = finance.abc.com/gb/chinainternet/

  2. Pattern 2 = finance.abc.^/gb/chinamkt/

  3. Pattern 3 = finance.abc.^/gb/chinamkt/*.shtml

  4. Pattern 4 = *.abc.com/gb/chinamkt/chinamkt_cn

For the URL https://finance.abc.com/gb/chinamkt/chinamkt_cn/sinacn/2020-03-29/doc-ifzuwpay8845719.shtml, the golden match section will be as follows:

  1. URL filtering module considers all the four patterns as a potential match in the domain name match stage, and the priority order is:

    finance.abc.com > finance.abc.^ > *.abc.com.

  2. Within the same domain name pattern, the URL filtering module considers the longest prefix match of the URL path.

    • Pattern 1 does not match the URL path and the URL filtering module skips pattern 1.

    • Pattern 2 and pattern 3 have the same prefix in the URL path. Hence, the keywords match controls the golden match selection. Finally, the URL filtering module prefers pattern 3 that has the longest keywords match as the golden match.

Options

  • object-name—Name of the URL list object.

  • value value—Value of the URL list object. You can configure multiple values separated by spaces and enclosed in square brackets.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.5.

Related Documentation