The Umbrella Deployment Documentation Developer Hub

Welcome to the Umbrella Deployment Documentation developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella Deployment Documentation as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Manage Destination Lists

A destination list is a list of internet destinations that can be blocked or allowed based on the administrative preferences for the policies applied to the identities within your organization. A destination is an IP address, URL, or fully qualified domain name. URLs are only supported for Block lists while IP addresses are only supported for Allow lists.

Allow list entries always take precedence over block list entries. Allow lists also take precedence over security related blocks, so if you feel a domain is being blocked incorrectly, adding it to an allow list allows access. For example:

  • Blocking domain.com and adding mail.domain.com to the Allow List will still allow mail.domain.com.
  • Adding domain.com to the Allow List and blocking sub.domain.com will still allow sub.domain.com.
  • Adding domain.com to a block list, and mail.domain.com to an Allow list, assuming both lists are applied to the same policy, results in Umbrella allowing access to mail.domain.com.

We recommend adding domains in the format "domain.com" rather than www.domain.com to ensure *.domain.com is included (a wildcard is implicit). However, if you only wish to block subdomain.domain.com, then be more specific when you define the entry here.

Wildcards in Destination Lists

All destination lists support automatic implicit domain wildcards. For example:

  • domain.com ---> *.domain.com
  • www.domain.com ---> *.www.domain.com

Wildcards also support TLDs, to allow broad allows or blocks. Use caution as adding a TLD to an allow list may open your network to malware threats, and adding a TLD to a block list may block more than expected due to CNAMEs and CDNs.

  • com ---> *.com
  • co.uk ---> *.co.uk

If a Destination List Entry Doesn't Fully Unblock or Allow a Page

Web pages utilize many different domains, and a content domain may be responsible for the remaining blocks. For more information, see Allow/Blocking a Site (Best Practice).


Application Settings < Manage Destination Lists > Add a New Destination List to a Policy