declare local var.url_string STRING;
declare local var.domain_string STRING;

// Decode percent-encoded query string parameter 'url'
set var.url_string = urldecode(querystring.get(req.url, "url"));

// Extract domain from query string
if (var.url_string ~ "^https?://([^/]*)/"){
  set var.domain_string = re.group.1;

  // Check if the domain exists in the table
  if (!table.lookup(valid_domain, var.domain_string)) {
    log "Invalid domain: " + var.domain_string;
    error 403;
  }
} else {
  log "unable to extract domain from query string";
  error 400;
}

log "all good.  Domain in query param is " + var.domain_string + ", which is on the allow list";