Control Access to Domains
Domains in destination lists must comply with the format described in RFC-1053 . You may not use wildcards in domains in destination lists; Secure Access assumes implied left wildcards in domain entries. A domain in a destination list matches traffic to all paths in that domain and its subdomains.
| Destination list entry: | Matches all traffic where the domain matches: |
|---|---|
example.com | *.example.com |
www.example.com | *.www.example.com |
For more information about troubleshooting possible error conditions with destination lists, see Troubleshoot Destination Lists.
- Depending on what you want to do, you may need multiple web access rules and destination lists. Remember:
- Order rules from specific to general.
- The default internet access rule is set to allow; the default private access rule is block. (See Edit or View the Default Access Rules.
- Allowed traffic is still subject to security controls (See Security Controls for Internet Access Rules and the DLP policy Manage the Data Loss Prevention Policy.
The following web access rule examples illustrate how you can use destination lists to control access to a public internet domain:
- To block all traffic to example.com:
- Create Rule A with the block action, using a destination list containing example.com.
- To block traffic to a subdomain and allow traffic to the rest of the domain continue to match rules:
- Create Rule A with the block action using a destination, list containing sub.example.com.
- To allow traffic to a subdomain, but block the rest of the domain:
- Create Rule A with the allow action, using a destination list containing sub.example.com.
- Create Rule B with the block action, using a destination list with example.com.
Control Access to Custom URLs < Control Access to Domains > Troubleshoot Destination Lists
Updated about 15 hours ago