Guides
ProductDeveloperPartnerPersonal
ProductDeveloperPartnerPersonal

Add a Web Destination List

Suggest Edits

Destination lists are used to control identity access to websites. You add destinations to a destination list and then add that destination list to a policy. A Web policy only supports Web destination lists. A Web destination list can include the following destination types:

  • Domain
  • URL
  • IPv4
  • CIDR

A Web destination list comes into effect when you add it as part of a rule for the Web policy. However, you must first add a Web destination list to Umbrella through the Destination List policy component before you can add it to a rule. You cannot create and add a Web destination list to a rule in the way that you can create and add a DNS destination list to a DNS policy while you are adding the DNS policy.

Note: Destination lists accept domain names encoded in Punycode. For more information, see Add Punycode Domain Name to Destination List.

A Web destination list is configured as a block or allow—but not warn—destination list when you add it as a rule. It is not configured as block or allow when you first create it through the policy component. However, once added as a rule, the following applies:

  • Allow destination lists always take precedence over block destination lists.
  • Allow lists take precedence over security-related blocks. Thus, if a domain is being blocked incorrectly, adding it to an allow rule allows access. For example:
    • Blocking domain.com and adding mail.domain.com to the Allow List will still allow mail.domain.com.
    • Adding domain.com to the Allow List and blocking sub.domain.com will still allow sub.domain.com.
    • Adding domain.com to a block list, and mail.domain.com to an Allow list, assuming both lists are applied to the same policy, results in Umbrella allowing access to mail.domain.com.

Always add domains in the format "domain.com" rather than www.domain.com to ensure *.domain.com is included (a wildcard is implicit). However, if you only wish to block subdomain.domain.com, then be more specific when you define the entry here.

Note: Destination lists accept domain names encoded in Punycode. For more information, see Add Punycode Domain Name to Destination List.

  1. Navigate to Policies > Policy Components > Destination Lists and click Add.
1063
  1. Give your destination list a good descriptive List Name.
    Note: There is a minimum three-character limit when searching for a destination list. We recommend that your Web destination list name be at least three characters long. For more information, see Search for a Destination List.
1052
  1. From the This Destination List Type drop-down list, choose Web Policies.
  2. Add destinations—Domain, URL, IPv4, and CIDR.
    Instead of adding destinations one at a time, you can bulk upload destinations through a text file. For more information, see Add Destinations in Bulk.
  3. Click Save.
983

This new Web destination list is now available for selection when you add rules to a ruleset for the Web policy.

1215

Add a DNS Destination List < Add a Web Destination List > Add a SAML Bypass Destinaton List

Updated 5 months ago