URL filtering when a URL/domain is present in multiple custom categories

Sometimes customers add a URL/domain in multiple custom categories for different use cases. The behavior is confusing when a wildcard URL is added in one custom category and an exact matching URL/subdomain is added in another custom category. Some customers have asked for the following ER for such requirements -
ER-4230: Honor rule order if a domain is present in multiple custom categories

In this post I want to clarify that customers’ requirements mentioned in this ER can be met today with proper configuration.

In most cases, adding the full URL/subdomain to custom category with wildcard entry should be able to solve the requirement.

Custom URL Categories:
Whitelist1 contains .whatsapp.com, faq.whatsapp.com
Whitelist2 contains faq.whatsapp.com

URL Filtering Rules:
Rule1: User1, Category Whitelist1, Allow
Rule2: User1 , Category ANY, Block
Rule3: User2, Category Whitelist2, Allow
Rule4: User2, Category ANY, Block

With the above config, User1 is able to access web.whatsapp.com and faq.whatsapp.com but not espn.com.
User2 is able to access faq.whatsapp.com but not web.whatsapp.com or espn.com.

As per design, exact match of URL in custom category is preferred over wildcard matches for category identification. All categories matching the URL are considered for URL filtering rule processing. First URL filtering rule matching all criteria is executed.

In the above example, both Whitelist1 and Whitelist2 categories are assigned to subdomain faq.whatsapp.com. Rule1 is executed for User1 when accessing faq.whatsapp.com. Rule3 is executed for User2 when accessing faq.whatsapp.com.

So, the use case mentioned in ER-4230 can be met today by making config changes described above.

Alternately, the requirement can also be met without adding faq.whatsapp.com in Whitelist1 by adding both Whitelist1 and Whitelist2 in Rule1 criteria.

Kindly let me know if there is a case where these solution do not work.
Any questions, please ask.