Interaction between blocked and allowed domain names
A domain name consists of multiple levels, where a dot (.) separates each level. Consider the ‘cloud.openvpn.com’ domain name:
- .com is the top-level domain (TLD)
- .openvpn is the second-level domain
- cloud is the third-level or sub-domain
The domain name matching logic checks domain names from right to left, starting from the TLD. Therefore, if you are using both Block List and Allow List, be careful when you are filtering on both domain and subdomain names.
The table below shows two configurations of a domain and subdomain used in both the Allow List and Block List. The results for each configuration are different.
|Config|Domain in Allow List|Domain in Block List|Result|
|---|---|---|---|
|A|google.com|mail.google.com|http://google.com ALLOWED. All subdomains are also allowed unless specifically configured in the Block List.|
|B|mail.google.com|google.com|http://google.com BLOCKED. All subdomains are also blocked unless specifically configured in the Allow List.|
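
The sketch below is an added example, not the service's own code. It models configurations A and B from the table by comparing labels from right to left. It assumes that the entry matching the most labels decides the result, and that a name present on both lists is blocked; the function names are hypothetical.

```python
# Added example: a model of the behaviour in the table, not the service's code.

def labels_rtl(name):
    """Labels of a domain name ordered right to left (TLD first)."""
    return name.lower().rstrip(".").split(".")[::-1]


def match_depth(entry, name):
    """Number of labels in `entry` if it covers `name`, else 0.

    Comparing whole labels keeps 'notgoogle.com' from matching 'google.com',
    which a plain string endswith() check would get wrong.
    """
    e, n = labels_rtl(entry), labels_rtl(name)
    return len(e) if n[:len(e)] == e else 0


def decide(name, allow_list, block_list):
    """Return 'ALLOWED', 'BLOCKED', or None if neither list covers `name`."""
    allow = max((match_depth(e, name) for e in allow_list), default=0)
    block = max((match_depth(e, name) for e in block_list), default=0)
    if allow == 0 and block == 0:
        return None
    # Assumption: the same name on both lists is treated as blocked.
    return "ALLOWED" if allow > block else "BLOCKED"


# Constructed inputs mirroring configurations A and B from the table.
CONFIG_A = {"allow_list": ["google.com"], "block_list": ["mail.google.com"]}
CONFIG_B = {"allow_list": ["mail.google.com"], "block_list": ["google.com"]}

if __name__ == "__main__":
    for label, cfg in (("A", CONFIG_A), ("B", CONFIG_B)):
        for host in ("google.com", "mail.google.com", "docs.google.com"):
            print(label, host, decide(host, **cfg))
```

Running it against your own list entries before deploying them shows which subdomains an overlapping Allow List and Block List pair would actually cover.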