The Umbrella Deployment Documentation Developer Hub

Welcome to the Umbrella Deployment Documentation developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella Deployment Documentation as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Working with Destination Lists

A destination list is a list of internet destinations that can be blocked or allowed based on the administrative preferences for the policies applied to the identities within your organization. A destination is an IP address, URL, or fully qualified domain name. URLs are only supported for Block lists while IP addresses are only supported for Allow lists.

Allow list entries always take precedence over block list entries. Allow lists also take precedence over security related blocks, so if you feel a domain is being blocked incorrectly, adding it to an allow list allows access. For example:

  • Blocking domain.com and adding mail.domain.com to the Allow List will still allow mail.domain.com.
  • Adding domain.com to the Allow List and blocking sub.domain.com will still allow sub.domain.com.
  • Adding domain.com to a block list, and mail.domain.com to an Allow list, assuming both lists are applied to the same policy, results in Umbrella allowing access to mail.domain.com.

We recommend adding domains in the format "domain.com" rather than www.domain.com to ensure *.domain.com is included (a wildcard is implicit). However, if you only wish to block subdomain.domain.com, then be more specific when you define the entry here.

If a Destination List Entry Doesn't Fully Unblock or Allow a Page

Web pages utilize many different domains, and a content domain may be responsible for the remaining blocks. For more information, see Allow/Blocking a Site (Best Practice).


Application Settings < Working with Destination Lists > Add a New Destination List to a Policy