Mimecast Web Security: Block or Allow Policy Rules / Examples

Document created by user.oxriBaJeN4 Employee on Feb 18, 2019Last modified by user.oxriBaJeN4 Employee on Apr 4, 2019
Version 15Show Document
  • View in full screen mode

This guide outlines the syntax for adding domains / URLs to a Block or Allow List policy, and provides examples of the domains / URLs that would be accepted or blocked. This guide should be read in conjunction with the Mimecast Web Security: Managing a Policy page.


Block or Allow List Policy Rules

When using Block or Allow List policies, a URL take precedence over a domain as it is more specific.

Domain / URL Syntax


When you're entering a domain / URL, consider the following syntax rules:

RuleEntered Domain / URLAccepted Domain / URL

Wildcard characters are not accepted and are treated as normal alphanumeric characters.


The domain is not accepted and must be corrected. 

The * character is not accepted as part of a domain. It is accepted as part of a URL, but not as a wildcard character.

"http://", "https://", and FTP prefixes are stripped from the URL.http://www.domain.comwww.domain.com
Ports are stripped from the URL.http://subdomain.domain.user:8080/path/subdomain.domain.user/path
Fragments are stripped from the URL.www.domain.com/#anchorwww.domain.com
Query parameters are accepted.http://subdomain.com/abccd?z=1&text=yessubdomain.com/abccd?z=1&text=yes


Domain / URL Examples


The following examples outline the domains / URLs that will be blocked or allowed if the Block or Allow List policy is set to the specified value.


URL Paths


URL used:  http://domain.com/abc/


URLAllowed / BlockedComments
http://domain.com/abcYesThis is an exact match.
http://domain.com/abc/textYesSub-paths are covered by a higher level path.
https://domain.com/abcYesThis is an exact match as the scheme is ignored.
http://domain.com/abc?q=searchtextYesAny parameters specified are covered by a higher level path.
http://www.domain.com/abc/YesA wildcard is implicit for a sub-domain.
http://otherdomain.com/abc/NoThe top level domain is different.
https://domain.com/ABC/textNoThe path is case sensitive.
http://domain.comNoThe path is shorter / longer than the specified URL.


Query Parameters


URL used:  https://domain.com/abccd?z=1&text=yes


URLAllowed / BlockedComments
http://domain.com/abccd?z=1&text=yesYesThis is an exact match.
http://domain.com/abccd?text=yes&z=1YesThe parameter order is ignored.
http://domain.com/abccd?text=YES&z=1NoParameters are case sensitive. 
https://domain.com/abccd?z=1&text=yes&id=1234YesAdditional query parameters are ignored.
http://domain.com/abc?NoThe path is shorter / longer than the specified URL.


See Also...


1 person found this helpful