URL blocking exceptions


You are looking for assistance for the URL blocking exception.


  • Chrome OS
  • Chrome Browser for Windows, Mac and Linux


Blocked URLs

Prevents Chrome browser users from accessing specific URLs.

To configure this setting, enter up to 1,000 URLs on separate lines.

Blocked URL exceptions

Specifies exceptions to the list of blocked URL. To configure the setting, enter up to 1,000 URLs on separate lines.

URL syntax

Each URL must have a valid hostname (such as google.com), an IP address, or an asterisk (*) in place of the host. The asterisk functions like a wildcard, representing all hostnames and IP addresses.

URLs can also include:

  • The URL scheme, which is http, https, or ftp, followed by ://
  • A valid port value from 1 to 65,535
  • The path to the resource
  • Query parameters


  • To disable subdomain matching, put an extra period before the host.
  • You cannot use user:pass fields, such as http://user:pass@ftp.example.com/pub/bigfile.iso. Instead, enter http://ftp.example.com/pub/bigfile.iso.
  • When both blocked URLs and blocked URLs exception filters apply (with the same path length), the exception filter takes precedence.
  • If an extra period precedes the host, the policy filters exact host matches only.
  • You cannot use a wildcard at the end of a URL, such as https://www.google.com/* and https://google.com/*.
  • The policy searches wildcards (*) last.
  • The optional query is a set of key-value and key-only tokens delimited by '&'.
  • The key-value tokens are separated by '='.
  • A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching.
  • locking internal chrome://* and chrome-untrusted://* URLs can lead to unexpected errors or can be circumvented in some cases. Instead of blocking certain internal URLs, see if there are more specific policies available.


Blocked URLs entryResult
example.comBlocks all requests to example.comwww.example.com, and sub.www.example.com
http://example.comBlocks all HTTP requests to example.com and any of its subdomains, but allows HTTPS and FTP requests
https://*Blocks all HTTPS requests to any domain
mail.example.comBlocks requests to mail.example.com but not to www.example.com or example.com
.example.comBlocks example.com but not its subdomains, like example.com/docs
.www.example.comBlocks www.example.com but not its subdomains
*Blocks all requests to URLs except for those listed as a blocked URL exception. This includes any URL scheme, such as http://google.com, https://gmail.com, and chrome://policy.
*:8080Blocks all requests to port 8080
*/html/crosh.htmlBlocks Chrome Secure Shell (Also known as Crosh Shell)



Blocks all requests to chrome://os-settings

example.com/stuffBlocks all requests to example.com/stuff and its subdomains requests to
youtube.com/watch?v=V1Blocks youtube video with id V1