Cloudflare Gateway’s DNS filtering capabilities allow you to block known and potential security risks on the public Internet, as well as specific categories of content. To give you more granular control over how to secure your network, Gateway also provides you with categorized security risks and content categories.
You can block security risks and content categories by creating DNS policies. Once you have configured your policies, you will be able to inspect network activity and the associated categories in your Gateway logs.
Security risk categories
| Category | Definition |
| --- | --- |
| Anonymizer | Sites that allow users to surf the Internet anonymously. |
| Command and Control & Botnet | Sites that are queried by compromised devices to exfiltrate information or potentially infect other devices in a network. |
| Cryptomining | Sites that mine cryptocurrency by taking over the user’s computing resources. |
| DGA Domains | Domains detected as generated by algorithms seen in malware. |
| DNS Tunneling | Domains with detected DNS tunneling activity. |
| Malware | Sites hosting malicious content and other compromised websites. |
| New Domains | Domains that have been registered very recently. |
| Newly Seen Domains | Domains that have recently been resolved for the first time. |
| Phishing | Domains that are known for stealing personal information. |
| Private IP Address | Domains that resolve to private IP Addresses. |
| Spam | Sites that are known for targeting users with unwanted sweepstakes, surveys, and advertisements. |
| Spyware | Sites that are known to distribute or contain code that displays unwanted advertisements or that gathers user information without the user’s knowledge. |
| Unreachable | Domains that resolve to unreachable IP addresses. |
Block security risk categories
- Navigate to the Policies tab in the Cloudflare Zero Trust dashboard.
- Create a new policy, or edit an existing one.
- Navigate to the Security risks tab.
- Select all the security risk categories you want your policy to block.
- Click Save to finalize your changes.
Content categories
| Category | Definition |
| --- | --- |
| Adult Themes | Sites that are hosting content related to pornography, nudity, sexuality, and other adult themes. |
| Business & Economy | Sites that are related to business, economy, finance, education, science and technology. |
| Deceptive Ads | Sites that spoof clicks, impressions, conversions for ads. |
| Drugs | Sites related to the use and promotion of illegal drugs or illegal use of prescribed drugs. |
| Education | Sites hosting educational content that is not included in other categories like Science, Technology or Educational institutions. |
| Entertainment | Sites that are hosting entertaining content that is not included in other categories like Comic books, Audio streaming, Video streaming etc. |
| Gambling | Sites that are providing online gambling or are related to gambling. |
| Government & Politics | Sites related to government and politics. |
| Health | Sites containing information about health and fitness. |
| Information Technology | Sites related to information technology. |
| Internet Communication | Sites hosting applications that are used for communication like chat, mail etc. |
| Job Search & Careers | Sites that facilitate searching for jobs and careers. |
| Login Screens | Sites hosting login screens that are not included in other categories. |
| Miscellaneous | Sites that are not included in the listed security and content categories. |
| No Content | Sites that have no content. |
| Questionable Content | Sites hosting content that is related to hacking, piracy, profanity and other questionable activities. |
| Real Estate | Sites related to real estate. |
| Religion | Sites hosting content about religion, alternative religion, religious teachings, religious groups and spirituality. |
| Safe for Kids | Sites that are safe for kids to visit. |
| Security threats | Sites that contain security threats like malware, phishing, cryptomining and other security threats. |
| Shopping & Auctions | Sites that are hosting content related to ecommerce, coupons, shopping, auctions and marketplaces. |
| Social & Family | Sites related to society and lifestyle. |
| Society & Lifestyle | Sites hosting information about lifestyle that is not included in other categories like fashion, food & drink etc. |
| Sports | Sites related to sports & recreation. |
| Technology | Sites hosting information about technology that is not included in the science category. |
| Travel | Sites that contain information about listings, reservations, services for travel. |
| Vehicles | Sites related to vehicles, automobiles, including news, reviews, and other hobbyist information. |
| Violence | Sites hosting and/or promoting violent content. |
| Weather | Sites related to weather. |
Blocking content categories
- Navigate to the Policies tab in the Cloudflare Zero Trust dashboard.
- Create a new policy, or edit an existing one.
- Navigate to the Content categories tab.
- Select all the content categories you want your policy to block.
- Click Save to finalize your changes.
Test a policy
If you are blocking a security threat or content category, you can test that the policy is working by using the test domain associated with each category.
Once you have configured your Gateway policy to block the category, the test domain will show a block page when you attempt to visit the domain in your browser, or will return REFUSED when you perform dig using the command-line interface.
Test domains
One-word categories
Test domains use the following format for categories with one-word names:
NAME_OF_CATEGORY.testcategory.com
| Category | Test domain |
| --- | --- |
| Malware | malware.testcategory.com |
| Phishing | phishing.testcategory.com |
| Cryptomining | cryptomining.testcategory.com |
Multi-word categories
If the category has multiple words in the name (e.g. Parked & For Sale Domains) then the test domain uses the following format:
- Remove any spaces between the words
- Replace & with and
- All letters are lowercase
| Category | Test domain |
| --- | --- |
| Parked & For Sale Domains | parkedandforsaledomains.testcategory.com |
| Private IP Address | privateipaddress.testcategory.com |
| Command and Control & Botnet | commandandcontrolandbotnet.testcategory.com |
Common test domains
| Category | Test domain |
| --- | --- |
| Adult Themes | nudity.testcategory.com |
| Anonymizer | anonymizer.testcategory.com |
| Command and Control & Botnet | commandandcontrolandbotnet.testcategory.com |
| Cryptomining | cryptomining.testcategory.com |
| Malware | malware.testcategory.com |
| New Domains | newdomains.testcategory.com |
| Parked & For Sale Domains | parkedandforsaledomains.testcategory.com |
| Phishing | phishing.testcategory.com |
| Private IP Address | privateipaddress.testcategory.com |
| Spam | spam.testcategory.com |
| Spyware | spyware.testcategory.com |
| Unreachable | unreachable.testcategory.com |
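
The naming rules and the dig check described under "Test a policy", as an added shell example that is not part of Cloudflare's documentation. The function names (`test_domain`, `dig_status`, `check_category`) and the sample dig output are assumptions constructed for illustration; the Adult Themes special case reflects the table above, where that category maps to nudity.testcategory.com.

```shell
#!/bin/sh
# Added example: derive Gateway test domains and read the RCODE from dig output.

# Apply the page's naming rules: lowercase, "&" becomes "and", spaces removed.
test_domain() {
  # Adult Themes is listed on the page as nudity.testcategory.com,
  # which the naming rules alone would not produce.
  if [ "$1" = "Adult Themes" ]; then
    echo "nudity.testcategory.com"
    return 0
  fi
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' \
    | sed -e 's/&/and/g' -e 's/[[:space:]]//g' -e 's/$/.testcategory.com/'
}

# Read dig output on stdin and print the status field of its header line.
dig_status() {
  sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Live check (needs dig and a resolver pointed at Gateway): exit 0 if blocked.
check_category() {
  command -v dig >/dev/null 2>&1 || { echo "dig not found" >&2; return 2; }
  domain=$(test_domain "$1")
  status=$(dig "$domain" | dig_status)
  echo "$1 -> $domain: ${status:-no response}"
  [ "$status" = "REFUSED" ]
}

# Constructed sample of dig output for a blocked test domain (not a real capture).
SAMPLE_DIG_OUTPUT='; <<>> DiG 9.x <<>> malware.testcategory.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Offline demonstration: derive domains, then parse the constructed sample.
for category in "Malware" "Parked & For Sale Domains" "Adult Themes"; do
  echo "$category -> $(test_domain "$category")"
done
echo "sample status: $(printf '%s\n' "$SAMPLE_DIG_OUTPUT" | dig_status)"
```

Calling `check_category "Malware"` from a device whose DNS queries go through Gateway exits 0 only when the resolver answers REFUSED, so it can be looped over every blocked category after a policy change.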