A serious error was discovered in the implementation of this feature, as disclosed in an advisory. The ignoreCase attribute was implemented in reverse by mistake, and so the default value of "true" actually causes case-sensitive matching, generally not the intended result. Pending the release of V2.6.0 in the summer of 2016, most deployers will want to include ignoreCase="false" when using this feature, along with a comment to revisit it once 2.6.0 is released, at which time a new setting with the proper implementation will be provided. In the V2.6 release the new caseSensitive attribute, with a default of false, controls the case sensitivity.


The <PathRegex> element is used to apply content rules to requests whose path matches a regular expression. The query string, if any, is NOT included in the comparison.

Regular expressions apply to the remainder of the path that is being compared and do not "nest", so if you care what's after the part you're matching, then choose your expression to check for that.


<RequestMapper type="Native">
    <RequestMap applicationId="default">
        <Host name="sp.example.org">
            <Path name="secure">
                <!-- Note the reversed ignoreCase setting, see the warning above. -->
                <PathRegex regex="(en|de|it|fr)/create/new/class" ignoreCase="false" authType="shibboleth" requireSession="true">
                    <AccessControl><NOT><Rule require="affiliation">student</Rule></NOT></AccessControl>


Content Specifiers

Version 2.6 and Above


Content Settings

XML attributes corresponding to request mapper properties are used.

Child Elements

Access Control

Nested Content Specifiers

For more details on how the request mapping process works, see the request mapper HOWTO.