Solved

[ QUESTION ] URL List matching behaviour

Forum|Forum|3 years ago
October 21, 2022
2 replies
203 views

+12

oscar
Netskope Partner

Hello all, thanks for reading.

We are working on migrating URL lists from ProxySG to Netskope.

There are several URL lists defined for ProxySG whose matching behaviour is as follows:

Imagine there are two URL lists defined: List1 and List2

List1:

api.facebook.com

List2:

facebook.com

The following URLs will match as follows in proxySG:

api.facebook.com -> matches List1

sub.api.facebook.com -> matches List1

sub.facebook.com -> matches List2

facebook.com -> matches List2

**Notice it matches the URL list containing the most similar entry

How is Netskope handling the above scenario where a URL can be matched in multiple URL lists?

How does URL list matching works in Netskope?

Does exact match implicitly include subdomains? (e.g. sub2.sub1.domain.com)
Does exact match implicitly include any path? (e.g. [subdomain.]domain.com/path1/path2?param1=0&param2=1)
Does regex match type require a full match from start to end of the value? e.g.
Is regex match type the only way to implement partial matches (startsWith, endsWith, contains, etc)?

Thanks a lot in advance,

Òscar

Best answer by MHB_CSC

Hi Oscar,

The short answer is:

www.example.com -> matches only www.example.com

*.example.com -> matches any subdomain of example.com and also "example.com"

NOTE: asterisk before is ok, asterisk after is not supported.

For example: www.example.com/path/to/resource is OK, but www.example.com/* is not supported.

A complete list with examples is here: https://docs.netskope.com/en/url-lists.html

I hope this helps.

Adrian Larsen

Cloud Security Connectors for Netskope

Maidenhead Bridge

This topic has been closed for replies.

M

+9

MHB_CSC
Explorer II
Answer
Forum|Forum|3 years ago
October 21, 2022

Hi Oscar,

The short answer is:

www.example.com -> matches only www.example.com

*.example.com -> matches any subdomain of example.com and also "example.com"

NOTE: asterisk before is ok, asterisk after is not supported.

For example: www.example.com/path/to/resource is OK, but www.example.com/* is not supported.

A complete list with examples is here: https://docs.netskope.com/en/url-lists.html

I hope this helps.

Adrian Larsen

Cloud Security Connectors for Netskope

Maidenhead Bridge

Adrian LarsenMaidenhead BridgeCloud Security Connectors for Netskope

Like

+11

zthompson
Netskope Employee
Forum|Forum|3 years ago
October 21, 2022

Advice: Do not bring over tons of URLs to Netskope. Use cloud apps when necessary to maximize your control over the application and any activity that is performed. Re-think your strategy when making policy in Netskope as you maybe used to legacy filtering platforms. If you need help please contact your account teams for policy help and advice.

Like

[ QUESTION ] URL List matching behaviour

2 replies

Badges Winner

Not finding what you're looking for?

Don't be shy and let us know about your challenge.

Badges Winner

Not finding what you're looking for?

Don't be shy and let us know about your challenge.

Sign up

Sign in or register securely using Single Sign-On (SSO)

Login to the community

Sign in or register securely using Single Sign-On (SSO)

Scanning file for viruses.

This file cannot be downloaded