Firewalls and other security devices typically enforce policies against network transmissions based on a set of rules. In some cases, the rules may be based on uniform resource locator (URL) information, such as by preventing a user from accessing a specific URL (e.g., denying access to http://www.example.com), or by preventing a user from accessing a category of the URL (e.g., denying access to sites classified as “social networking” sites or “pornographic” sites). Unfortunately, given the sheer volume of URLs in existence, it can be difficult to efficiently match rules that make use of URL information.