diff --git a/src/vs/workbench/contrib/url/browser/trustedDomainsValidator.ts b/src/vs/workbench/contrib/url/browser/trustedDomainsValidator.ts
index 2c8428a6300..c8f144bdaf3 100644
--- a/src/vs/workbench/contrib/url/browser/trustedDomainsValidator.ts
+++ b/src/vs/workbench/contrib/url/browser/trustedDomainsValidator.ts
@@ -283,13 +283,15 @@ const doURLMatch = (
 		options.push(doURLMatch(memo, url, trustedURL, urlOffset, trustedURLOffset + 2));
 	}
 
-	if (trustedURL[trustedURLOffset] + trustedURL[trustedURLOffset + 1] === '.*' && url[urlOffset] === '.') {
-		// IP mode. Consume one segment of numbers or nothing.
-		let endBlockIndex = urlOffset + 1;
-		do { endBlockIndex++; } while (/[0-9]/.test(url[endBlockIndex]));
-		if (['.', ':', '/', undefined].includes(url[endBlockIndex])) {
-			options.push(doURLMatch(memo, url, trustedURL, endBlockIndex, trustedURLOffset + 2));
+	if (trustedURL[trustedURLOffset] === '*') {
+		// Any match. Either consume one thing and don't advance base or consume nothing and do.
+		if (urlOffset + 1 === url.length) {
+			// If we're at the end of the input url consume one from both.
+			options.push(doURLMatch(memo, url, trustedURL, urlOffset + 1, trustedURLOffset + 1));
+		} else {
+			options.push(doURLMatch(memo, url, trustedURL, urlOffset + 1, trustedURLOffset));
 		}
+		options.push(doURLMatch(memo, url, trustedURL, urlOffset, trustedURLOffset + 1));
 	}
 
 	if (trustedURL[trustedURLOffset] + trustedURL[trustedURLOffset + 1] === ':*') {
diff --git a/src/vs/workbench/contrib/url/test/browser/trustedDomains.test.ts b/src/vs/workbench/contrib/url/test/browser/trustedDomains.test.ts
index 6f8ec1ad0ab..77144c9815a 100644
--- a/src/vs/workbench/contrib/url/test/browser/trustedDomains.test.ts
+++ b/src/vs/workbench/contrib/url/test/browser/trustedDomains.test.ts
@@ -116,6 +116,14 @@ suite('Link protection domain matching', () => {
 		linkNotAllowedByRules('http://192.168.1.7:3000/', ['http://192.168.*.6:*']);
 	});
 
+	test('scheme match', () => {
+		linkAllowedByRules('http://192.168.1.7/', ['http://*']);
+		linkAllowedByRules('http://twitter.com', ['http://*']);
+		linkAllowedByRules('http://twitter.com/hello', ['http://*']);
+		linkNotAllowedByRules('https://192.168.1.7/', ['http://*']);
+		linkNotAllowedByRules('https://twitter.com/', ['http://*']);
+	});
+
 	test('case normalization', () => {
 		// https://github.com/microsoft/vscode/issues/99294
 		linkAllowedByRules('https://github.com/microsoft/vscode/issues/new', ['https://github.com/microsoft']);