We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Content Shield

How to Create Exception Policies for DNS Filtering

  • Last updated on

You can create domain-level block or allow exceptions to the policies you have already defined (as described in How to Configure DNS Filtering Policies).  For example, you might want to block the category Finance and Investment for your organization, but allow specific bank and brokerage domains so your finance department can do company business. 

  1. Go to the DNS FILTERING page.
  2. In the OUTBOUND IP ADDRESS column, locate the network for which you want to update policies, then click EXCEPTIONS .    

    If you have already defined a network and want to copy its exceptions: Under Exception Policy, select the name of the network from which you want to copy exceptions. Those exceptions are copied to the network you are currently configuring, overwriting the existing exceptions, if any exist.


  3. Select Allow Traffic or Block Traffic, and then enter the domain or subdomain name in the format shown in the table. Do not use wildcards ('*'), or include protocols, such as http:// or https://. 

    Correct Incorrect
    mydomain.net https://www.mydomain.net
    www.mail.barracuda.com *.mail.barracuda.com
    google.com, www.google.com http://www.google.com
    yourdomain.org *.yourdomain.org

    All subdomains of the domain you enter are automatically included; in other words, subdomains inherit policies applied for a domain, UNLESS you create an exception. If you want to create an exception for a particular subdomain, you must specify that subdomain explicitly. For example, if you create a Block Traffic exception for google.com, all subdomains are included and blocked. If you want to allow subdomain mail.google.com, create an Allow Traffic exception for the subdomain mail.google.com. Here are more examples of how exceptions work with domains and subdomains:

    Policy Results

    BLOCK google.com

    ALLOW mail.google.com

    BLOCK server1.mail.google.com



    http://google.com/ BLOCKED (matches google.com)

    http://inbox.google.com/ BLOCKED (matches google.com)

    http://mail.google.com/ ALLOWED (matches mail.google.com)

    http://server1.mail.google.com/ BLOCKED (matches server1.mail.google.com)

    http://server2.mail.google.com/ ALLOWED (matches mail.google.com)

    BLOCK www.abc.com

    http://abc.com ALLOWED (doesn't match www.abc.com)
    BLOCK abc.com http://www.abc.com BLOCKED (inherits policy from abc.com domain)
    ALLOW abc.com
    BLOCK z.abc.com
    http://z.abc.com BLOCKED (matches z.abc.com)
    http://y.abc.com ALLOWED (inherits policy from abc.com)
  4. Click ADD DOMAIN .
  5. Click Save.

To remove an exception, click the Remove icon (deleteException.png) in the table.



Last updated on