Block all TLDs by default, allow by exception
There is a crazy amount of useless TLDs on the internet.
Would like to see an option to block all TLDs and create an allow list. Maybe have a default allow list of the most commonly used (.com, .net, .gov, .org) and allow users to add whatever country codes or others they want.
We will soon improve that TLD selection modal, with a "group" checkbox (so you can mass select/unselect all the new gTLDs for example, or select all easily and then unselect the ones you don't want to block).
There are a bunch of .lan TLDs spamming my logs. Is there any way to block user-defined TLDs? Because '.lan' is not available in the TLD list to block.
I would like to suggest an additional option to block:
1) all TLDs in non-Latin alphabets,
2) all TLDs which have 5 or more letters, as they are rarely used.
I'd love a default-deny - I currently need to spend 10 minutes ticking "ADD" for every TLD :)
This would mean that I could easily have a highly restrictive system-level allow-list profile, and another far less restrictive profile for a web browser.
And I'd also be interested in a new feature alongside having a default-deny policy: when a *new* domain is detected, and only the first time that domain is observed, send an alert email. It would be extremely useful in some use cases - for example, on an internet-facing server which should only ever be resolving a very small number of domains, and any queries beyond that small set would be a security alert. However, I recognise that this may be awkward to implement and/or expensive in terms of resource, so "newly observed for this profile" alerting would very much be a wishlist feature. This could perhaps be accommodated with a query streaming type of log, so that these issues could be ingested into an on-prem SIEM.
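The default-deny TLD policy and the "newly observed for this profile" alerting requested in this thread can be prototyped over an exported query log. This is an added example, not part of the thread or the service's own code; the JSON-lines log format, the field names (`ts`, `profile`, `name`) and the sample records are constructed assumptions.

```python
import json

# Default allow list taken from the thread's suggestion; everything else is denied.
ALLOWED_TLDS = {"com", "net", "org", "gov"}

# Constructed sample query-log stream (JSON lines); the field names are assumptions.
SAMPLE_LOG = """\
{"ts": "2024-01-01T00:00:01Z", "profile": "server", "name": "updates.example.com."}
{"ts": "2024-01-01T00:00:02Z", "profile": "server", "name": "printer.lan"}
{"ts": "2024-01-01T00:00:03Z", "profile": "server", "name": "Updates.Example.COM"}
{"ts": "2024-01-01T00:00:04Z", "profile": "browser", "name": "updates.example.com"}
{"ts": "2024-01-01T00:00:05Z", "profile": "server", "name": "cdn.example.xn--p1ai"}
{"ts": "2024-01-01T00:00:06Z", "profile": "server", "name": "printer.lan"}
"""


def normalize(name):
    """Lower-case the query name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def tld_of(name):
    """Return the last label; single-label names have no TLD and are denied."""
    labels = name.split(".")
    return labels[-1] if len(labels) > 1 else ""


def process(log_text, allowed_tlds=ALLOWED_TLDS):
    """Return (decisions, alerts) for a stream of query-log lines."""
    seen = set()  # (profile, name) pairs already observed
    decisions, alerts = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        name = normalize(rec["name"])
        action = "allow" if tld_of(name) in allowed_tlds else "block"
        decisions.append((rec["profile"], name, action))
        key = (rec["profile"], name)
        if key not in seen:  # alert only on the first observation per profile
            seen.add(key)
            alerts.append({"ts": rec["ts"], "profile": rec["profile"],
                           "name": name, "action": action})
    return decisions, alerts


if __name__ == "__main__":
    for alert in process(SAMPLE_LOG)[1]:
        print(json.dumps(alert))  # one JSON line per alert, ready for SIEM ingestion
```

The `seen` set is kept in memory here; a long-running collector would need to persist it per profile so that a restart does not re-alert on every known domain.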