It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Content Shield

How to Create Exception Policies for DNS Filtering

  • Last updated on

You can create domain-level block or allow exceptions to the policies you have already defined (as described in How to Configure DNS Filtering Policies).  For example, you might want to block the category Finance and Investment for your organization, but allow specific bank and brokerage domains so your finance department can do company business. 

  1. Go to the DNS FILTERING page.
  2. In the OUTBOUND IP ADDRESS column, locate the network for which you want to update policies, then click EXCEPTIONS .    

    Optional

    If you have already defined a network and want to copy its exceptions: Under Exception Policy, select the name of the network from which you want to copy exceptions. Those exceptions are copied to the network you are currently configuring, overwriting the existing exceptions, if any exist.

       

  3. Select Allow Traffic or Block Traffic, and then enter the domain or subdomain name in the format shown in the table. Do not use wildcards ('*'), or include protocols, such as http:// or https://. 

    CorrectIncorrect
    mydomain.nethttps://www.mydomain.net
    www.mail.barracuda.com*.mail.barracuda.com
    google.com, www.google.comhttp://www.google.com
    yourdomain.org*.yourdomain.org

    Domains and subdomains: All subdomains of the domain you enter are automatically included; in other words, subdomains inherit policies applied for a domain, UNLESS you create an exception. If you want to create an exception for a particular subdomain, you must specify that subdomain explicitly. For example, if you create a Block Traffic exception for google.com, all subdomains are included and blocked. If you want to allow subdomain mail.google.com, create an Allow Traffic exception for the subdomain mail.google.com. Here are more examples of how exceptions work with domains and subdomains:

    PolicyResults

    BLOCK google.com

    ALLOW mail.google.com

    BLOCK server1.mail.google.com

     

     

    http://google.com/ BLOCKED (matches google.com)

    http://inbox.google.com/ BLOCKED (matches google.com)

    http://mail.google.com/ ALLOWED (matches mail.google.com)

    http://server1.mail.google.com/ BLOCKED (matches server1.mail.google.com)

    http://server2.mail.google.com/ ALLOWED (matches mail.google.com)

    BLOCK www.abc.com

    http://abc.com ALLOWED (doesn't match www.abc.com)
    BLOCK abc.comhttp://www.abc.com BLOCKED (inherits policy from abc.com domain)
    ALLOW abc.com
    BLOCK z.abc.com
    http://z.abc.com BLOCKED (matches z.abc.com)
    http://y.abc.com ALLOWED (inherits policy from abc.com)
  4. Click ADD DOMAIN .
  5. Click Save .

To remove an exception, click the Remove icon (deleteException.png) in the table.