A destination list is a list of internet destinations that can be blocked or allowed based on the administrative preferences for the policies applied to the identities within your organization. A destination is an IP address, URL, or fully qualified domain name. URLs are only supported for Block lists while IP addresses are only supported for Allow lists.
Allow list entries always take precedence over block list entries. Allow lists also take precedence over security related blocks, so if you feel a domain is being blocked incorrectly, adding it to an allow list allows access. For example:
- Blocking domain.com and adding mail.domain.com to the Allow List will still allow mail.domain.com.
- Adding domain.com to the Allow List and blocking sub.domain.com will still allow sub.domain.com.
- Adding domain.com to a block list, and mail.domain.com to an Allow list, assuming both lists are applied to the same policy, results in Umbrella allowing access to mail.domain.com.
We recommend adding domains in the format "domain.com" rather than www.domain.com to ensure *.domain.com is included (a wildcard is implicit). However, if you only wish to block subdomain.domain.com, then be more specific when you define the entry here.
All destination lists support automatic implicit domain wildcards. For example:
- domain.com ---> *.domain.com
- www.domain.com ---> *.www.domain.com
Wildcards also support TLDs, to allow broad allows or blocks. Use caution as adding a TLD to an allow list may open your network to malware threats, and adding a TLD to a block list may block more than expected due to CNAMEs and CDNs.
- com ---> *.com
- co.uk ---> *.co.uk
Web pages utilize many different domains, and a content domain may be responsible for the remaining blocks. For more information, see Allow/Blocking a Site (Best Practice).