WebBlocker Exceptions Patterns

Add Ecceptions to Watchguard WebBlocker - Patterns matching

Add WebBlocker Exceptions

If you want WebBlocker to always allow or always deny access to a website, regardless of the content category, you can add a WebBlocker exception for that site. You can add a WebBlocker exception that is an exact match of a URL, a pattern match of a URL, or a regular expression.

WebBlocker does not include query strings (the part of a URL that starts with the ? character) in the categorization request it sends to the WebBlocker Server. This means that you cannot create a WebBlocker exception to block specific queries.

Exact match

Exact matches match an exact URL or IP address, character by character. You cannot use wildcards, and you must type each character exactly as you want it to be matched. For example, if you enter an exception to allow www.yahoo.com as an exact match only, and a user types “www.yahoo.com/news”, the request is denied.

Pattern match

Pattern matches match a pattern in the URL or IP address, for example “pattern” in www.pattern.com. Make sure to drop the leading “http://” and include “/*" at the end. Use the wildcard symbol, *, to match any character. You can use more than one wildcard in one pattern. For example, the pattern www.somesite.com/* will match all URL paths on the www.somesite.com website. To enter a network address, use a pattern match that ends in a wildcard. For example, to match all the websites at on port 8080, set the directory to “*”.

Regular expression

Regular expression matches use a Perl-compatible regular expression to make a match. For example, \.[onc][eor][gtm] matches .org, .net, .com, or any other three-letter combination of one letter from each bracket, in order. When you create a regular expression to match URL path, do not include the leading “http://”. Regular expressions support wild cards used in shell scripts. For example:

  • The regular expression: “(www\.)?watchguard\.[com|net]” matches URL paths including www.watchguard.com, www.watchguard.net, watchguard.com, and watchguard.net
  • The regular expression: 1.1.1.[1-9] matches all IP addresses from to

Regular expressions are more efficient, in terms of CPU usage, than pattern matches. For best performance, we recommend that you use regular expressions rather than pattern matches to define your WebBlocker exceptions, when several exceptions are configured. You can create a regular expression that is equivalent to a pattern match. For example, the pattern match *.hostname.com/* is equivalent to the regular expression ^[0-9a-zA-Z\-\_.]{1,256}hostname\.com.

For more information about how to use regular expressions, see About Regular Expressions.

After you add an exception for to allow connections to a URL, test the connection to the website to make sure that content on the site displays correctly. Many web sites include references to content located at other sites, or use a content delivery network (CDN) to host content. Users might not see a deny message in the web browser when WebBlocker denies access to referenced content.

If you select the Deny website access option to deny access to URLs that do not match an exception, select the Log this Action check box so that you can see log messages about denied URLs in Traffic Monitor. This can help you troubleshoot any issues with blocked access to content at a different URL.

    • Related Articles

    • Add a shared mailbox to Outlook mobile

      Outlook for iOS If you use Outlook for iOS or Outlook for Android, you can add a shared mailbox you have permissions to access on Outlook Mobile. Use a shared mailbox on a mobile device (phone or tablet) To access a shared mailbox on a mobile device, ...
    • Watchguard Mobile SSL VPN error "Cannot perform http request 12029"

      When using the Watchguard Mobile VPN Client with SSL, you may not be able to connect and see the following entry in the Watchguard log: "FAILED: Cannot perform http request 12029 failed to get domain name" This occurs if you have Internet Explorer or ...
    • Get URL - Domain in Watchguard Reports

       To get URL reports instead of IP addresses. In order for Dimension to generate any URL or Domains , you will need to use proxy such as HTTP and HTTPs proxy . Under proxy action , you can enable Logging for Report. 
    • Complete-Mail - Iphone Settings

      Under Mail Accounts Add Account Choose EXCHANGE Server  -  us.exg7.exghost.com domain    exg7.exghost.local user is the users email address  ex:  user@domain.com then the password This will then add an Email Account to the Mail on the Iphone.
    • Complete-Mail Pop Server Settings

      How to Configure POP Mail Settings in Outlook (Manual Setup) for Pop Account Use Complete-Mail Hosted Exchange Prerequisite:  Set up Hosted Exchange Lite service for the user in the Customer Portal 1. On the Control Panel in Windows, click the Mail ...