Create an allowlist or blocklist
In the context of DNS filtering, a blocklist is a list of known harmful domains or IP addresses. An allowlist is a list of allowed domains or IP addresses, such as the domains of essential corporate applications.
Gateway supports creating lists of URLs, hostnames, or other entries to use in your policies.
The following DNS policy will allow access to all approved corporate domains included in a list called Corporate Domains.
| Selector | Operator | Value | Action |
|---|---|---|---|
| Domain | in list | Corporate Domains | Allow |
```sh
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rules \
  --header 'Content-Type: application/json' \
  --header "Authorization: Bearer <API_TOKEN>" \
  --data '{
    "name": "All-DNS-CorporateDomain-AllowList",
    "description": "Allow access to the corporate domains defined under the Corporate Domains list",
    "precedence": 1,
    "enabled": true,
    "action": "allow",
    "filters": [
      "dns"
    ],
    "traffic": "any(dns.domains[*] in $<CORPORATE_DOMAINS_LIST_UUID>)"
  }'
```
The following Terraform resource creates the same DNS policy, allowing access to all approved corporate domains included in a list called Corporate Domains.
```hcl
resource "cloudflare_zero_trust_gateway_policy" "allow_corporate_domain_access" {
  account_id  = var.account_id
  name        = "All-DNS-CorporateDomain-AllowList"
  description = "Allow access to the corporate domains defined under the Corporate Domains list"
  precedence  = 1
  # The policy is created disabled; set to true to enforce it.
  enabled     = false
  action      = "allow"
  filters     = ["dns"]
  traffic     = "any(dns.domains[*] in $<Corporate Domains List UUID>)"
}
```
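The policy above only works once the list exists and its UUID is substituted into the `traffic` expression. The script below, an added example rather than code from the Cloudflare docs, creates the Corporate Domains list first and then the allow policy that references it. It assumes the Gateway Lists API at `/accounts/{account_id}/gateway/lists` accepts a `DOMAIN` list with `items` of `{"value": ...}`, that `jq` is installed, that credentials arrive in the `CLOUDFLARE_ACCOUNT_ID` and `CLOUDFLARE_API_TOKEN` environment variables, and uses constructed sample domains.

```sh
#!/bin/sh
# Added example, not from the Cloudflare docs: create the list, then the policy that uses it.

# Build the request body for the Gateway list; $@ are the domains to allow.
build_list_payload() {
  items=""
  for d in "$@"; do
    items="${items}${items:+,}{\"value\":\"$d\"}"
  done
  printf '{"name":"Corporate Domains","type":"DOMAIN","items":[%s]}' "$items"
}

# Build the DNS allow policy body with the list UUID placed in the traffic expression.
build_policy_payload() {
  uuid="$1"
  printf '{"name":"All-DNS-CorporateDomain-AllowList","description":"Allow access to the corporate domains defined under the Corporate Domains list","precedence":1,"enabled":true,"action":"allow","filters":["dns"],"traffic":"any(dns.domains[*] in $%s)"}' "$uuid"
}

# Without credentials this is a dry run that only prints the two payloads.
main() {
  # Constructed sample domains; replace with the real corporate domains.
  list_body=$(build_list_payload intranet.example.com mail.example.com)
  if [ -z "${CLOUDFLARE_ACCOUNT_ID:-}" ] || [ -z "${CLOUDFLARE_API_TOKEN:-}" ]; then
    echo "dry run (set CLOUDFLARE_ACCOUNT_ID and CLOUDFLARE_API_TOKEN to apply):"
    echo "$list_body"
    build_policy_payload "<CORPORATE_DOMAINS_LIST_UUID>"; echo
    return 0
  fi
  api="https://api.cloudflare.com/client/v4/accounts/$CLOUDFLARE_ACCOUNT_ID/gateway"
  # Create the list and read back its UUID (assumed to be returned as result.id).
  list_id=$(curl -sS "$api/lists" -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" --data "$list_body" \
    | jq -r '.result.id')
  [ -n "$list_id" ] && [ "$list_id" != "null" ] || { echo "list creation failed" >&2; return 1; }
  # Create the policy referencing the new list.
  curl -sS "$api/rules" -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    --data "$(build_policy_payload "$list_id")"
}

main "$@"
```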