Hello, we have a DNS policy rule that doesn't allow adult content, but we noticed today that even though they used Zero Trust, the Gateway DNS policy allowed a user to access an adult site. It shows up in the logs as allowed, but it's not allowed.
I’ve seen a few drop through as well when just using the adult/pr0n categories. Adding the CIPA filter to the rule seems to take care of everything but may overdo some sites depending on your use case.
Check a site’s categorisation here…
This is generally true of most category filtering, as new sites come online daily, sites are sometimes miscategorized, etc. If it’s critical to block every site, there are a few options:
- Limit available search engines and force them to safe search
- Use multiple products at different places in the network flow, making sure they are pulling from different content source lists. For example, use Cloudflare for DNS filtering and an AV or parental controls application on the device.