diff --git a/config/envoyconfig/listeners.go b/config/envoyconfig/listeners.go
index 0f0cb4311..567bc51c7 100644
--- a/config/envoyconfig/listeners.go
+++ b/config/envoyconfig/listeners.go
@@ -853,7 +853,7 @@ func hostMatchesDomain(u *url.URL, host string) bool {
 func getPoliciesForDomain(options *config.Options, domain string) []config.Policy {
 	var policies []config.Policy
 	for _, p := range options.GetAllPolicies() {
-		if p.Source != nil && hostMatchesDomain(p.Source.URL, domain) {
+		if p.Source != nil && p.Source.URL.Hostname() == domain {
 			policies = append(policies, p)
 		}
 	}
diff --git a/config/envoyconfig/listeners_test.go b/config/envoyconfig/listeners_test.go
index a49b11ae4..6db5a70b3 100644
--- a/config/envoyconfig/listeners_test.go
+++ b/config/envoyconfig/listeners_test.go
@@ -604,7 +604,7 @@ func Test_buildDownstreamTLSContext(t *testing.T) {
 			Key:  aExampleComKey,
 			Policies: []config.Policy{
 				{
-					Source:                &config.StringURL{URL: mustParseURL(t, "https://a.example.com")},
+					Source:                &config.StringURL{URL: mustParseURL(t, "https://a.example.com:1234")},
 					TLSDownstreamClientCA: "TEST",
 				},
 			},