Filter format for Microsoft Edge URL policies | Microsoft Docs
source link: https://docs.microsoft.com/en-us/DeployEdge/edge-learnmmore-url-list-filter%20format
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Filter format for URL list-based policies
- 05/01/2020
- 3 minutes to read
In this article
This article describes the filter format used for the Microsoft Edge URL list-based policies (For example, URLBlocklist, URLAllowList, and CertificateTransparencyEnforcementDisabledForUrls policies.
This article applies to Microsoft Edge version 77 or later.
The filter format
The filter format is:
[scheme://][.]host[:port][/path][@query]
The fields in the filter format are:
Comparing the filter format to the URL format
The filter format resembles the URL format, except for the following differences:
- If you include "user:pass", it will be ignored. For example, http://user:[email protected]/pub/example.iso.
- If you include a fragment identifier ("#"), it and everything that follows the identifier is ignored.
- You can use a wildcard ("*") as the host and you can prefix it with a dot (".").
- You can use a forward slash ("/") or a dot (".") as a suffix for the host. In this case, the suffix is ignored.
Filter selection criteria
The filter selected for a URL is the most specific match found after processing the following filter selection rules:
Filters with the longest host match are selected first.
From the selected filters, any filter with a non-matching scheme or port is discarded.
From the remaining filters, the filter with the longest matching path is selected.
From the remaining filters, the filter with the longest set of query tokens is selected. At this step, the allow list filter takes precedence over the block list filter if both filters have the same path length and number of query tokens.
If there's no valid filter remaining, then the left-most subdomain is removed from host and the selection process starts over at step 1. The special asterisk ("*") host is the last searched and it matches all hosts.
If a filter's available, it blocks or allows the URL request.
The default behavior is to allow the URL request if no filter is matched.
Example filter selection criteria
In this example, when searching for a match to "https://sub.contoso.com/docs" the filter selection will:
- Search for a filter for "sub.contoso.com". If it finds a filter, the search moves to step 2. If a filter isn't found, then it tries again with "contoso.com", "com", and finally "".
- From the selected filters, any that don't have "http" in the scheme are removed.
- From the remaining filters, any that have an exact port number that isn't "80" are removed.
- From the remaining filters, any that don't have "/docs" as a prefix of the path are removed.
- From the remaining filters, the filter with the longest path prefix is selected and applied. If a filter isn't found, the selection process starts over again at step 1. The process is repeated with the next subdomain.
Additional filter information
If a filter has a dot (".") prefixing the host then only exact host matches are filtered. For example:
- "contoso.com" (no dot) will match "contoso.com", "www.contoso.com", and "sub.www.contoso.com"
- ".www.contoso.com" (with a dot prefix) will only match "www.contoso.com"
You can use either a standard or customer schema. Supported standard schemas include:
- about, blob, content, edge, cid, data, file, filesystem, ftp, gopher, http, https, javascript, mailto, ws, and wss.
Any other schema is treated as a custom schema, but only the schema:* and schema://* patterns are allowed. For example:
- "custom:" or "custom://" will match "custom:app"
- "custom:app" or "custom://app" are invalid
schema and host aren't case-sensitive. For example:
- "http://contoso.com" filter matches "HTTP://contoso.com", "http://contoso.COM", and "http://contoso.com"
path and query are case-sensitive. For example:
- "http://contoso.com/path?query=A" filter doesn't match "http://contoso.com/Path?query=A" or "http://contoso.com/path?Query=A". It does match "http://contoso.COM/path?query=A".
Content license
Portions of this page are modifications based on work created and shared by Chromium.org and used according to terms described in the Creative Commons Attribution 4.0 International License. The original Chromium page can be found here.
This work is licensed under a Creative Commons Attribution 4.0 International License.
See also
Is this page helpful?
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK