Gateway policies

Cloudflare Gateway, our comprehensive Secure Web Gateway, allows you to set up policies to inspect DNS, Network, HTTP, and Egress traffic.

  • DNS policies inspect DNS queries. You can block domains and IP addresses from resolving on your devices. For more information on DNS filtering, refer to our Learning Center article.
  • Network policies inspect individual TCP/UDP/GRE packets. You can block access to specific ports on your origin server, including non-HTTP resources.
  • HTTP policies inspect HTTP requests. You can block specific URLs from loading, not just the domain itself. For more information on URL filtering, refer to our Learning Center article.
  • Egress policies inspect traffic to assign egress IP addresses unique to your organization.
  • Resolver policies inspect DNS queries to enable resolution by custom authoritative nameservers.

Selecting a policy type

The recommended policy type depends on what kind of traffic you are trying to filter. Generally speaking:

  • To block websites, create an HTTP policy.
  • To block non-HTTP traffic such as SSH and RDP, create a network policy.
  • To block malware and other security threats, create both DNS and HTTP policies.
  • To assign static IP addresses to your organization’s egress traffic, create an egress policy.

Refer to the DNS, network, HTTP, and egress configuration pages to see the available filtering options within each policy builder.