WebSocket URL (ws / wss) Regex for Python

What this pattern does

This page provides a comprehensive, battle-tested regular expression for matching websocket url (ws / wss), ported and verified for Python. A rigorously tested regex reduces debugging time and protects your application from edge-case failures. The snippet below is ready to drop into your Python project — whether you're validating in a Django view, a FastAPI endpoint, or a standalone data processing script.

Python Implementation

# WebSocket URL (ws / wss)
# ReDoS-safe | RegexVault — Web & Network > URL

import re

websocket_url_ws_wss_pattern = re.compile(r'^wss?://(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)*[a-zA-Z0-9](?:[a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?(?::(?:6553[0-5]|655[0-2][0-9]|65[0-4][0-9]{2}|6[0-4][0-9]{3}|[1-5][0-9]{4}|[1-9][0-9]{0,3}))?(?:/[^\s]*)?$')

def validate_websocket_url_ws_wss(value: str) -> bool:
    return bool(websocket_url_ws_wss_pattern.fullmatch(value))

# Example
print(validate_websocket_url_ws_wss("ws://example.com"))  # True

Test Cases

When to use this pattern

This pattern is drawn from the Web & Network > URL category and carries a ReDoS-safe certification. That matters for Python developers because particularly important in Python web servers where CPU-bound regex operations can stall concurrent request handling. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

Technical Notes

ws:// is the unsecured WebSocket protocol (analogous to http://). wss:// is WebSocket over TLS (analogous to https://). Production systems should always use wss://.