Skip to main content
Edge Rules use a powerful wildcard matching system for trigger paths. Understanding how to properly configure these patterns helps you create precise rules that trigger only when needed.

Wildcard basics

The * wildcard matches any sequence of characters. You can use it anywhere in the trigger path:
PatternMatchesDoes Not Match
*.jpg/image.jpg, /photos/sunset.jpg/image.png, /image.jpg.bak
/images/*/images/logo.png, /images/photos/cat.jpg/img/logo.png
*://example.com/*https://example.com/page, https://example.com/file.csshttps://sub.example.com/page

Common patterns

Matching by file extension

To match all files with a specific extension, use *.extension: 
*.mp4
This matches any .mp4 file regardless of path depth.

Matching subdomains

Use wildcards to match all subdomains or exclude them:
PatternDescription
*://*.example.com/*Matches all subdomains
*://example.com/*Matches only the root domain (no subdomain)
*://*example.com/*Matches root domain and all subdomains

Matching specific paths

PatternMatches
/api/*All paths starting with /api/
*/admin/*Any URL containing /admin/
/v1/*/usersPaths like /v1/api/users, /v1/service/users

Important considerations

Query parameters are not matched

Trigger paths do not match query strings or any data after the filename. Only the absolute URL path is evaluated.
For example, if your trigger path is *.jpg, it will match:
  • /image.jpg
  • /image.jpg?width=100
Both URLs match because the query string (?width=100) is ignored during pattern matching.

HTTP vs HTTPS scheme matters

The trigger path is compared as a complete string, including the scheme. Make sure to account for both protocols:
PatternMatches
http://example.com/*Only HTTP requests
https://example.com/*Only HTTPS requests
*://example.com/*Both HTTP and HTTPS requests
Use *:// to match both HTTP and HTTPS if your rule should apply regardless of protocol.

Trailing slashes are required for root paths

Due to HTTP protocol design, the trigger path always contains a trailing slash when accessing a root path.
A trigger path of http://example.com will never match because requests to the root always include a trailing slash. Use http://example.com/ instead.
Trigger PathWill Match Root?
http://example.comNo
http://example.com/Yes
*://example.com/*Yes

Examples

Trigger path: */admin/*This blocks access to any URL containing /admin/ in the path, such as:
  • https://example.com/admin/dashboard
  • https://example.com/app/admin/users
Trigger path: *.jpg (repeat for each extension)Or use the File Extension condition type instead, which allows you to specify extensions like jpg, png, gif without wildcards.
Trigger path: *://cdn.example.com/*This matches all requests to cdn.example.com regardless of protocol, path, or query string.
You’ll need two rules:
  1. First rule (higher priority): Allow /api/public/* - use Disable action or skip
  2. Second rule (lower priority): Apply your action to /api/*
See Rule Ordering for more on rule priority.