Create an allowlist or blocklist
2 min read
In the context of DNS filtering, a blocklist is a list of known harmful domains or IP addresses. An allowlist is a list of allowed domains or IP addresses, such as the domains of essential corporate applications.
Gateway supports creating lists of URLs, hostnames, or other entries to reference in your policies.
Create a list from a CSV file
Here is a sample CSV file of URLs that you can use for testing. When formatting the CSV:
- Each line should be a single entry.
- Trailing whitespaces are not allowed.
- CRLF (Windows) and LF (Unix) line endings are valid.
To upload the list to Zero Trust:
- In Zero Trust, go to My Team > Lists.
- Select Upload CSV.
- Next, specify a List name, enter an optional description, and choose a List type.
- Drag and drop a file into the CSV file window, or select a file.
- Select Create.
You can now use this list in the policy builder by choosing the in list operator.
Create a list manually
- In Zero Trust, go to My Team > Lists.
- Select Create manual list.
- Next, specify a List name, enter an optional description, and choose a List type.
- Enter your list element manually into the Add entry field and select Add.
- Select Save.
curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/lists \
--header 'Content-Type: application/json' \
--header 'X-Auth-Email: <EMAIL>' \
--header 'X-Auth-Key: <API_KEY>' \
--data '{ "description": "Private application IPs", "items": [{"value": "10.226.0.177/32"},{"value": "10.226.1.177/32"}], "name": "Corporate IP list", "type": "IP" }'
You can now use this list in the policy builder by choosing the in list operator.
Example policy
| Selector | Operator | Value | Action |
|---|---|---|---|
| Domain | in list | Corporate domains | Allow |