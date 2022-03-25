Categories

Cloudflare Gateway’s DNS filtering capabilities allow you to block known and potential security risks on the public Internet, as well as specific categories of content. To give you more granular control over how to secure your network, Gateway also provides you with categorized security risks and content categories.

You can block security risks and content categories by creating DNS policies. Once you have configured your policies, you will be able to inspect network activity and the associated categories in your Gateway logs.

​​ Security risk categories

If you wish to block a hostname or URL that belongs to a security risk category, you need to block that category. If the security risk category is not configured as blocked, requests to that hostname or URL will appear in your Gateway logs as allowed requests.

| Category | Definition |
| --- | --- |
| Anonymizer | Sites that allow users to surf the Internet anonymously. |
| Command and Control & Botnet | Sites that are queried by compromised devices to exfiltrate information or potentially infect other devices in a network. |
| Cryptomining | Sites that mine cryptocurrency by taking over the user’s computing resources. |
| DGA Domains | Domains detected as generated by algorithms seen in malware. |
| DNS Tunneling | Domains with detected DNS tunneling activity. |
| Malware | Sites hosting malicious content and other compromised websites. |
| New Domains | Domains that have been registered very recently. |
| Newly Seen Domains | Domains that have recently been resolved for the first time. |
| Phishing | Domains that are known for stealing personal information. |
| Private IP Address | Domains that resolve to private IP Addresses. |
| Spam | Sites that are known for targeting users with unwanted sweepstakes, surveys, and advertisements. |
| Spyware | Sites that are known to distribute or contain code that displays unwanted advertisements or that gathers user information without the user’s knowledge. |
| Unreachable | Domains that resolve to unreachable IP addresses. |

​​ Block security risk categories

1. Navigate to the Policies tab in the Cloudflare Zero Trust dashboard.
2. Create a new policy, or edit an existing one.
3. Navigate to the Security risks tab.
4. Select all the security risk categories you want your policy to block.
5. Click Save to finalize your changes.

​​ Content categories

| Category | Definition |
| --- | --- |
| Adult Themes | Sites that are hosting content related to pornography, nudity, sexuality, and other adult themes. |
| Business & Economy | Sites that are related to business, economy, finance, education, science and technology. |
| Deceptive Ads | Sites that spoof clicks, impressions, conversions for ads. |
| Drugs | Sites related to the use and promotion of illegal drugs or illegal use of prescribed drugs. |
| Education | Sites hosting educational content that is not included in other categories like Science, Technology or Educational institutions. |
| Entertainment | Sites that are hosting entertaining content that is not included in other categories like Comic books, Audio streaming, Video streaming etc. |
| Gambling | Sites that are providing online gambling or are related to gambling. |
| Government & Politics | Sites related to government and politics. |
| Health | Sites containing information about health and fitness. |
| Information Technology | Sites related to information technology. |
| Internet Communication | Sites hosting applications that are used for communication like chat, mail etc. |
| Job Search & Careers | Sites that facilitate searching for jobs and careers. |
| Login Screens | Sites hosting login screens that are not included in other categories. |
| Miscellaneous | Sites that are not included in the listed security and content categories. |
| No Content | Sites that have no content. |
| Questionable Content | Sites hosting content that is related to hacking, piracy, profanity and other questionable activities. |
| Real Estate | Sites related to real estate. |
| Religion | Sites hosting content about religion, alternative religion, religious teachings, religious groups and spirituality. |
| Safe for Kids | Sites that are safe for kids to visit. |
| Security threats | Sites that contain security threats like malware, phishing, cryptomining and other security threats. |
| Shopping & Auctions | Sites that are hosting content related to ecommerce, coupons, shopping, auctions and marketplaces. |
| Social & Family | Sites related to society and lifestyle. |
| Society & Lifestyle | Sites hosting information about lifestyle that is not included in other categories like fashion, food & drink etc. |
| Sports | Sites related to sports & recreation. |
| Technology | Sites hosting information about technology that is not included in the science category. |
| Travel | Sites that contain information about listings, reservations, services for travel. |
| Vehicles | Sites related to vehicles, automobiles, including news, reviews, and other hobbyist information. |
| Violence | Sites hosting and/or promoting violent content. |
| Weather | Sites related to weather. |

​​ Blocking content categories

1. Navigate to the Policies tab in the Cloudflare Zero Trust dashboard.
2. Create a new policy, or edit an existing one.
3. Navigate to the Content categories tab.
4. Select all the content categories you want your policy to block.
5. Click Save to finalize your changes.

​​ Test a policy

If you are blocking a security threat or content category, you can test that the policy is working by using the test domain associated with each category.

Once you have configured your Gateway policy to block the category, the test domain will show a block page when you attempt to visit it in your browser, or will return REFUSED when you query it with dig from the command line.

​​ Test domains

Test domains use the following format for categories with one-word names:

NAME_OF_CATEGORY.testcategory.com

| Category | Test domain |
| --- | --- |
| Malware | malware.testcategory.com |
| Phishing | phishing.testcategory.com |
| Cryptomining | cryptomining.testcategory.com |

If the category has multiple words in the name (e.g. Parked & For Sale Domains) then the test domain uses the following format:

- Remove any spaces between the words
- Replace & with and
- Make all letters lowercase

| Category | Test domain |
| --- | --- |
| Parked & For Sale Domains | parkedandforsaledomains.testcategory.com |
| Private IP Address | privateipaddress.testcategory.com |
| Command and Control & Botnet | commandandcontrolandbotnet.testcategory.com |
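
The naming rules and the dig check described above can be scripted to verify several blocked categories at once. The following is an added example, not part of the original Cloudflare documentation: the function names are hypothetical, the dig output is constructed sample data, and the live check assumes the device resolves DNS through Gateway.

```shell
#!/bin/sh
# Added example: helper names and sample dig output are constructed for illustration.

# Build the test domain for a category: "&" becomes "and", spaces are
# removed, and all letters are lowercased.
test_domain() {
  td_name=$(printf '%s' "$1" | sed 's/&/and/g' | tr -d ' ' | tr '[:upper:]' '[:lower:]')
  printf '%s.testcategory.com\n' "$td_name"
}

# Read dig output on stdin and print the response code from its header line,
# e.g. ";; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242" gives REFUSED.
dig_status() {
  sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Read dig output on stdin and report whether the category was blocked.
verdict() {
  v_status=$(dig_status)
  case "$v_status" in
    REFUSED) echo "BLOCKED $1" ;;
    "")      echo "UNKNOWN $1" ;;   # no DNS header seen: timeout or dig missing
    *)       echo "NOT_BLOCKED $1 ($v_status)" ;;
  esac
}

# Live check (needs network and a device that resolves through Gateway).
check_category() {
  dig "$(test_domain "$1")" 2>/dev/null | verdict "$1"
}

# Constructed dig output: one blocked answer and one allowed answer.
SAMPLE_REFUSED=';; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_NOERROR=';; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Offline demonstration over the constructed samples.
for category in "Malware" "Parked & For Sale Domains"; do
  printf '%s -> ' "$(test_domain "$category")"
  printf '%s\n' "$SAMPLE_REFUSED" | verdict "$category"
done
printf '%s\n' "$SAMPLE_NOERROR" | verdict "Phishing"
```

A `NOT_BLOCKED` result for a category you expected to be blocked means the policy is not applied to the resolver the device is actually using, which is worth checking before relying on the policy.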

​​ Common test domains