Allow Blocking of Individual Domains Classed as "Content Server" Domains.
C C
Yes, I do add subdomains of the main example.com domains to the filter. Your example: I'm not sure I understand. So if I added photos-e.ak.fbcdn.net to the Blocklist, and didn't add fbcdn.net to the Allow list; then the domain would not be able to be accessed at all, either the parent or subdomain if the domain is not a Content Server; but if it a Content Server domain; then doing what you suggest would not have any effect on the domain, it would still be live (if the subdomain is a content server).
Mikey @DNSFilter
The allow and block list do not operate differently if the domain is a content server. It's just allow or block but if the same domain is on both lists the domain is allowed because the allow list is given the highest priority in our system.
In my example I'm describing the use of a CNAME vs the root. fbcdn.net on the block list includes fbcdn.net and any sub domain of fbcdn.net. How you apply this feature depends on your desired outcome which I would be happy to speak with you about.
An allow-list only policy is challenging, impossible if you want to allow anydomain.com but block images.anydomain.com
C C
An example: Domain: goodreads.com. Content Server domain: i.gr-assets.com. How can I block this Content Server domain? Is there any way at all? Thanks.
Mikey @DNSFilter
C C:, in the case of i.gr-assets.com you must additionally block d3201w7qr60x0r.cloudfront.net as seen in our dashboard:
C C
Hello. Yes, I have a white list only policy. The DNSFilter is great, the only major issue I have, is that once a domain is classed as a "Content Server", there is no way at all to block it. Weather it is in the filter Allow list or not, even if it is just in the Block list, it will always work.
Mikey @DNSFilter
open
Christopher: I see what you mean now. And you are correct that the allow list has the highest priority. Are you attempting a whitelist only policy?
You can add specific CNAMEs to the block list without blocking the entire root. Ex: add photos-e.ak.fbcdn.net to the blocklist but do not add fbcdn.net to the allowlist.
This is a challenging situation. I'll re-open the request and hope to learn more about your and other's use case.
Christopher
No, the Block list does not block Content Server domains. In fact, the block list does not block any domains in the allow list at all. Could you re-open this feature request.
Mikey @DNSFilter
closed
Christopher, please use the policies block list to achieve your desired outcome and reach out to our support team if you need assistance.