A Forum reader recently asked:

“I been observing that sub-domains can be accessed when the main domain is blocked. For example, can be access when is in the ACL list as blocked. Can wildcards be used like when filtering file extensions? Will * work as a filter?”

And here’s the response from Craig Johnson …


Yes, wildcards can, and should, be used in access rules. It is typical to have entries like these:


(These would both be in the same rule, though you would think the second rule would cover all bases).

Note that you can’t use a https rule – it will be ignored. You can, however, use a port 443 rule blocking a domain, and some people here have reported success with a rule like*.

0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply

No Comments
Sep 26, 2007
4:02 am
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management IT Security Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Supported Troubleshooting Workflow