diff --git a/CHANGELOG.md b/CHANGELOG.md
index d88a1715..fc92d74f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 2.4.1 (August 23, 2024)
+* Fixed validation regex for redirects
+
 ## 2.4.0 (July 22, 2024)
 * Remove ns1_subnet provider, used for dhcp/ipam resources
 
diff --git a/ns1/config.go b/ns1/config.go
index 4343edc1..80b40619 100644
--- a/ns1/config.go
+++ b/ns1/config.go
@@ -19,7 +19,7 @@ import (
 )
 
 var (
-	clientVersion     = "2.4.0"
+	clientVersion     = "2.4.1"
 	providerUserAgent = "tf-ns1" + "/" + clientVersion
 	defaultRetryMax   = 3
 )
diff --git a/ns1/resource_redirect.go b/ns1/resource_redirect.go
index 9f97a4f9..bbe089f6 100644
--- a/ns1/resource_redirect.go
+++ b/ns1/resource_redirect.go
@@ -338,7 +338,7 @@ func RedirectCertUpdate(d *schema.ResourceData, meta interface{}) error {
 func validateDomain(val interface{}, key string) (warns []string, errs []error) {
 	v := val.(string)
 
-	match, err := regexp.MatchString("^(\\*\\.)?([\\w-]+\\.)*[\\w-]+$", v)
+	match, err := regexp.MatchString("^(\\*\\.)?([a-zA-Z0-9\\-]+\\.)+[a-zA-Z0-9]+$", v)
 	if err != nil {
 		errs = append(errs, fmt.Errorf("%s is invalid, got: %s, error: %e", key, v, err))
 	}
@@ -354,7 +354,7 @@ func validateDomain(val interface{}, key string) (warns []string, errs []error)
 func validatePath(val interface{}, key string) (warns []string, errs []error) {
 	v := val.(string)
 
-	match, err := regexp.MatchString("^[*]?[a-zA-Z0-9\\.\\-/$!+(_)' ]+[*]?$", v)
+	match, err := regexp.MatchString("^[*]?[a-zA-Z0-9\\.\\-/_~%%]+[*]?$", v)
 	if err != nil {
 		errs = append(errs, fmt.Errorf("%s is invalid, got: %s, error: %e", key, v, err))
 	}
@@ -370,7 +370,7 @@ func validatePath(val interface{}, key string) (warns []string, errs []error) {
 func validateURL(val interface{}, key string) (warns []string, errs []error) {
 	v := val.(string)
 
-	match, err := regexp.MatchString("^(http://|https://)?[a-zA-Z0-9\\.\\-/$!+(_)' ]+$", v)
+	match, err := regexp.MatchString("^(http://|https://)?[a-zA-Z0-9\\-\\.]+(:\\d+)?(/[a-zA-Z0-9\\.\\-/_~%%:]*)?(\\?[a-zA-Z0-9\\.\\-/_~%%=+&#]+)?(#[a-zA-Z0-9\\.\\-/_~%%]+)?$", v)
 	if err != nil {
 		errs = append(errs, fmt.Errorf("%s is invalid, got: %s, error: %e", key, v, err))
 	}
diff --git a/ns1/resource_redirect_test.go b/ns1/resource_redirect_test.go
index 0ebb0955..03010756 100644
--- a/ns1/resource_redirect_test.go
+++ b/ns1/resource_redirect_test.go
@@ -29,6 +29,7 @@ func TestAccRedirectConfig_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckRedirectConfigExists("ns1_redirect.it", &redirect),
 					testAccCheckRedirectConfigDomain(&redirect, "test."+domainName),
+					testAccCheckRedirectConfigTarget(&redirect, "https://url.com/target/path"),
 					testAccCheckRedirectConfigFwType(&redirect, "masking"),
 					testAccCheckRedirectConfigTags(&redirect, []string{"test", "it"}),
 					testAccCheckRedirectConfigHTTPS(&redirect, true),
@@ -40,6 +41,7 @@ func TestAccRedirectConfig_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckRedirectConfigExists("ns1_redirect.it", &redirect),
 					testAccCheckRedirectConfigDomain(&redirect, "test."+domainName),
+					testAccCheckRedirectConfigTarget(&redirect, "https://url.com/target/path?q=param#frag"),
 					testAccCheckRedirectConfigFwType(&redirect, "permanent"),
 					testAccCheckRedirectConfigTags(&redirect, []string{}),
 					testAccCheckRedirectConfigHTTPS(&redirect, true),
@@ -75,6 +77,7 @@ func TestAccRedirectConfig_http_to_https(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckRedirectConfigExists("ns1_redirect.it", &redirect),
 					testAccCheckRedirectConfigDomain(&redirect, "test."+domainName),
+					testAccCheckRedirectConfigTarget(&redirect, "https://url.com/target/path"),
 					testAccCheckRedirectConfigFwType(&redirect, "permanent"),
 					testAccCheckRedirectConfigTags(&redirect, []string{}),
 					testAccCheckRedirectConfigHTTPS(&redirect, false),
@@ -86,6 +89,7 @@ func TestAccRedirectConfig_http_to_https(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckRedirectConfigExists("ns1_redirect.it", &redirect),
 					testAccCheckRedirectConfigDomain(&redirect, "test."+domainName),
+					testAccCheckRedirectConfigTarget(&redirect, "https://url.com/target/path?q=param#frag"),
 					testAccCheckRedirectConfigFwType(&redirect, "permanent"),
 					testAccCheckRedirectConfigTags(&redirect, []string{}),
 					testAccCheckRedirectConfigHTTPS(&redirect, true),
@@ -97,6 +101,7 @@ func TestAccRedirectConfig_http_to_https(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckRedirectConfigExists("ns1_redirect.it", &redirect),
 					testAccCheckRedirectConfigDomain(&redirect, "test."+domainName),
+					testAccCheckRedirectConfigTarget(&redirect, "https://url.com/target/path"),
 					testAccCheckRedirectConfigFwType(&redirect, "permanent"),
 					testAccCheckRedirectConfigTags(&redirect, []string{}),
 					testAccCheckRedirectConfigHTTPS(&redirect, true),
@@ -210,7 +215,7 @@ resource "ns1_redirect" "it" {
   certificate_id   = "${ns1_redirect_certificate.example.id}"
   domain           = "test.${ns1_zone.test.zone}"
   path             = "/from/path/*"
-  target           = "https://url.com/target/path"
+  target           = "https://url.com/target/path?q=param#frag"
   forwarding_mode  = "capture"
   forwarding_type  = "permanent"
   https_forced     = true
@@ -343,6 +348,15 @@ func testAccCheckRedirectConfigDomain(cfg *redirect.Configuration, expected stri
 	}
 }
 
+func testAccCheckRedirectConfigTarget(cfg *redirect.Configuration, expected string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		if cfg.Target != expected {
+			return fmt.Errorf("Target: got: %s want: %s", cfg.Domain, expected)
+		}
+		return nil
+	}
+}
+
 func testAccCheckRedirectConfigFwType(cfg *redirect.Configuration, expected string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if cfg.ForwardingType.String() != expected {