diff --git a/rules/proxy/proxy_susp_flash_download_loc.yml b/rules/proxy/proxy_susp_flash_download_loc.yml
index 402bcb514..dc9f44869 100644
--- a/rules/proxy/proxy_susp_flash_download_loc.yml
+++ b/rules/proxy/proxy_susp_flash_download_loc.yml
@@ -10,11 +10,11 @@ logsource:
 category: proxy
 detection:
 selection:
- c-uri-query:
- - '*/install_flash_player.exe'
- - '*/flash_install.php*'
+ c-uri-query|contains:
+ - '/install_flash_player.exe'
+ - '/flash_install.php'
 filter:
- c-uri-stem: '*.adobe.com/*'
+ c-uri-stem|contains: '.adobe.com/'
 condition: selection and not filter
 falsepositives:
 - Unknown flash download locations
@@ -27,4 +27,4 @@ tags:
 - attack.t1204 # an old one
 - attack.defense_evasion
 - attack.t1036.005
- - attack.t1036 # an old one
\ No newline at end of file
+ - attack.t1036 # an old one
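Review bot: The exclusion in the `filter:` block of the first hunk, `c-uri-stem|contains: '.adobe.com/'`, is a substring test on the URI rather than a check of the destination host, so any request whose URI merely contains `.adobe.com/` (for example in a path segment) is dropped from the detection, not only downloads served by Adobe. If the proxy source populates a host field, anchoring the exclusion there would be tighter, e.g. `cs-host|endswith: '.adobe.com'`. Separately, the selection still tests `c-uri-query`; on sources where that field holds only the query string, a path such as `/install_flash_player.exe` would presumably never match, so a short comment stating which part of the URL the field is expected to carry would help. The rule's header and `logsource` definition start outside the hunk, so the intended field mapping cannot be confirmed from the visible lines.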