Blobs can be stored as URLs that are resolved when the blob is accessed (persistent URL blobs). This feature is restricted to HTTP and HTTPS URLs by default, because other URLs like file URLs might point to sensitive data that can be exfiltrated by injecting a malicious URL into the content repository. To control the allowed URLs for URL blobs, set the Content Server property cap.server.blobUrlPattern to a regular expression that matches the allowed URLs. Note that the pattern is used to check URLs during writes and does not affect already stored blobs.