Skip to content
Gateway
Visit Gateway on GitHub
Set theme to dark (⇧+D)

Blocking categories

Cloudflare Gateway’s DNS filtering capabilities allow you to block known and potential security threats on the public internet, as well as specific categories of content. To give you more granular control over how to secure your network, Gateway also provides you with categorized security threats and content categories.

You can block security threats and content categories by creating Gateway policies. Once you have configured your policies, you will be able to inspect network activity and the associated categories in your Gateway logs.

To know more about security threats and content categories, read our Categories learning page.

Block security threat categories

  1. Navigate to the Policies tab in the Teams dashboard.
  2. Create a new policy, or edit an existing one.
  3. Navigate to the Security threats tab.

Security threats page

  1. Select all the security threats categories you want your policy to block.
  2. Click Save to finalize your changes.

Block content categories

  1. Navigate to the Policies tab in the Teams dashboard.
  2. Create a new policy, or edit an existing one.
  3. Navigate to the Content categories tab.

Content categories page

  1. Select all the content categories you want your policy to block.
  2. Click Save to finalize your changes.

Test a policy

If you are blocking a security threat or content category, you can test that the policy is working by using the test domain associated with each category.

Once you have configured your Gateway policy to block the category, the test domain will show a block page when you attempt to visit the domain in your browser, or will return REFUSED when you perform dig using the command-line interface.

Test domains

One-word categories

Test domains use the following format for categories with one-word names:

NAME_OF_CATEGORY.testcategory.com

CategoryTest domain
Malwaremalware.testcategory.com
Phishingphishing.testcategory.com
Cryptominingcryptomining.testcategory.com

Multi-word categories

If the category has multiple words in the name (e.g. Parked & For Sale Domains) then the test domain uses the following format:

  • Remove any spaces between the words
  • Replace & with and
  • All letters are lowercase
CategoryTest domain
Parked & For Sale Domainsparkedandforsaledomains.testcategory.com
Private IP Addressprivateipaddress.testcategory.com
Command and Control & Botnetcommandandcontrolandbotnet.testcategory.com

Common test domains

CategoryTest domain
Anonymizeranonymizer.testcategory.com
Command and Control & Botnetcommandandcontrolandbotnet.testcategory.com
Cryptominingcryptomining.testcategory.com
Malwaremalware.testcategory.com
New Domainsnewdomains.testcategory.com
Parked & For Sale Domainsparkedandforsaledomains.testcategory.com
Phishingphishing.testcategory.com
Private IP Addressprivateipaddress.testcategory.com
Spamspam.testcategory.com
Spywarespyware.testcategory.com
Unreachableunreachable.testcategory.com