Deny all except for specific exempted domains in Content Blocking?

On a different product, we used to block everything with the content filter except for three specific domains (for client field installations that are heavily controlled). Is there a way to do this on the Peplink? We’re using a Surf SOHO MK3.

Have you tried defining the “top level domains” block list in “Customized Domains” and defining the allowed list in “Exempted Domains from Web Blocking”? This should be able to help with your use case.

That is certainly possible, however there are over 1500 TLDs currently. So I would need to add an entry for each one, which is quite tedious. For example, if we block *.com that will work for blocking contoso.com, but if we don’t block *.to, contoso.to won’t be blocked and this is still a security hole.

Is there any other way to blanket block everything except for what is white listed?

Hello @jrobie,
Did you mention you only have three (3) TLDs that you want to allow?
Have you attempted to put “.” into customised Domains to block everything, then just add your three TLDs into the “Exempted Domains” list?
I’ve got no current reason to test this ourselves, though do let us know how that goes.
Happy to Help,
Marcus

Hello! Thanks for your response.

I did initially try that, yes. It gives the following message:
image

I also tried varying combinations, such as just a period, etc. Nothing seemed to work for me.

Hello @jrobie
We do not have a SOHO we can test this on currently. Maybe one of our colleagues in the forum or the team at Peplink can help further. Have you looked at using the outbound firewall rules?
Happy to Help,
Marcus

I did do some testing with the outbound firewall as well. I will have to experiment more with it I guess while we wait for anyone else to chime in.

Just wanted to reply back that your instructions of blocking TLDs don’t seem to work either:
image

It matches right to left so just enter com.

image

Thanks, that does work.

There has to be a better way to block everything except the exempt list though. There are way too many TLDs to do manually using this method.
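
An added example, not part of any post in this thread and not Peplink code: a small model of the right-to-left matching described above, used to list which hostnames a per-TLD block list lets through compared with a default-deny exempt list. The rule sets and hostnames are constructed, and treating subdomains of an exempted domain as exempt is an assumption.

```python
# Added illustration. Models right-to-left, whole-label matching as described
# in the thread; it is not the router's actual implementation.

def labels(name):
    """Reverse a name into labels: 'www.Contoso.com.' -> ['com', 'contoso', 'www']."""
    name = name.strip().lower().rstrip(".")
    return name.split(".")[::-1] if name else []

def matches(host, rule):
    """True if every label of rule matches host, compared from the right."""
    h, r = labels(host), labels(rule)
    return bool(r) and h[:len(r)] == r

def tld_blocklist_verdict(host, blocked, exempt):
    """Thread's workaround: exempt list wins, listed TLDs are blocked, rest allowed."""
    if any(matches(host, e) for e in exempt):
        return "allow"
    if any(matches(host, b) for b in blocked):
        return "block"
    return "allow"  # default-allow: any TLD missing from the list gets through

def default_deny_verdict(host, exempt):
    """What the original poster wants: only exempted domains are allowed."""
    return "allow" if any(matches(host, e) for e in exempt) else "block"

def coverage_gaps(hosts, blocked, exempt):
    """Hosts the TLD block list allows although default-deny would block them."""
    return [h for h in hosts
            if tld_blocklist_verdict(h, blocked, exempt) == "allow"
            and default_deny_verdict(h, exempt) == "block"]

# Constructed sample data (assumptions, not values from the thread's device).
EXEMPT = ["updates.example.com", "portal.example.net", "example.org"]
BLOCKED_TLDS = ["com", "net", "org"]
HOSTS = [
    "contoso.com",              # blocked by the 'com' entry
    "contoso.to",               # 'to' is not listed, so it slips through
    "cdn.updates.example.com",  # subdomain of an exempted domain
    "notexample.org",           # must not match 'example.org' (whole labels only)
    "example.org.evil.to",      # exempt name used as a prefix, not a suffix
]

if __name__ == "__main__":
    for host in coverage_gaps(HOSTS, BLOCKED_TLDS, EXEMPT):
        print("allowed by TLD list, denied by default-deny:", host)
```

Running it against a real exempt list and a sample of observed DNS names shows how many TLD entries the workaround is still missing.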