Subdomain URI Matching

This feature request is for an additional URI matching type: subdomain matching.

A case is where an application has a number of servers, so the user gets redirected to login at a random server:

but it should not match other company domains, such as:

In this situation, the existing options for URI matching do not work:

Base domain would match every URI for company.com
Host doesn’t work because you’d have to enter every possible server, which the user wouldn’t know
Starts with and Exact don’t work because each server starts with a different value

Which means, the only solution is Regular expression, but as the help warns “Regular expressions are an advanced option and can be quite dangerous if used incorrectly. You should not use this option if you do not know exactly what you’re doing.” Regular expressions are not user firiendly.

The simplest solution is for Subdomain URI Matching to match on exactly the last 3 nodes of the host name – just like Base domain except for one more node.

A more complicated solution would be to match on whatever is entered in the host part of the URI, as long as it is matching complete nodes. For example, if the URI is entered as:

then it would match on any host that is exactly alice.bob.charlie.domain.com or ends with .alice.bob.charlie.domain.com.

Note: I would think this has been suggested already but I can’t find it.

Hey Michael - welcome! I like your suggestion and I can see how it would be helpful to you. I hope the Bitwarden devs can incorporate this at some point.

In the meantime, and for the sake of anyone faced with the same issue, you can safely add this regex rule to your URI match scheme to achieve your match:

^https://[a-zA-Z0-9]+\.appname\.company\.com

Also, if you need to exclude a URI like http://otherapp.company.com, you can add that to another URI rule and set the match to NEVER (I find this quite handy when dealing with many subdomain URIs). Cheers!

1 Like