Policy not matching when trying to control a URL containing a query string