Block all sites except 1 and also allow all social media

I have an event with about 600-800 users that need access to 1 website and social media. All other sites should be blocked. Can this be done with Cloudflare Gateway?

Gateway is for outbound traffic, such as DNS queries and VPN.

How are you expecting to differentiate between permitted users and those not permitted access? And what type of Social Media access are you expecting?

We would have multiple VLANs. The public VLAN will have all the restrictions and Cloudflare DNS; the production will have full access to the internet using Google DNS.

Oohhhhhh! I get it. You’re going to have a ton of people on your network, and want to filter DNS.

I would do this:

  • Production VLAN DHCP assigns regular DNS (on-site DNS, generic 1.1.1.1, whatever).
  • Public VLAN DHCP assigns the Gateway DNS servers and you can filter how you see fit.

Note that more determined users may VPN out, or set their own name servers. Personally, I’d restrict or reroute VLAN outbound Port 53 to just those two Gateway addresses. Full DNS blocking is quite difficult.

That's fine if they want to go hardcore and change DNS or even use VPN; they only have 2 hours for the event and they paid money to join the event content.

So is it possible to block all websites except 1 or 2 and allow all social media sites and apps?

You’ll need to do some prep work. I’d toggle a block on everything (Security threats & Content categories), then go into Custom to enable that one website.

Then go to https://radar.cloudflare.com/categorization-feedback/ and start typing stuff in to see how it’s categorized and decide if you want to un-check that Category, or just add a bunch of Allows for specific domains. The rub is so many apps and websites use third-party resources that may end up blocked.

You may just be better off sticking with Content Categories and blocking all the obvious choices. It won’t be 100% what you really want, but it should get you most of the way there.

1 Like
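
Added example, not part of any post in this thread and not Cloudflare's code or API: a small pre-event audit that runs the hostnames a test device resolved through an "allow one site, allow social media, block other categories" policy and lists the third-party dependencies that would be refused. All domains, category labels and the domain-to-category map are constructed placeholders; hostnames with no known category are reported separately as `unmatched`, since category blocks do not cover them.

```python
# Added example: constructed data, not Cloudflare's categories or API.
ALLOWED_DOMAINS = {"event.example"}      # placeholder for the one permitted site
ALLOWED_CATEGORIES = {"social-media"}    # hypothetical category label
CATEGORY_OF = {                          # constructed domain -> category map
    "social.example": "social-media",
    "cdn.example": "cdn",
    "fonts.example": "web-fonts",
}
# Constructed hostnames, as if captured while loading the permitted site and
# a social app on a test device (e.g. from browser devtools or a resolver log).
OBSERVED = [
    "www.event.example.", "static.cdn.example", "api.Social.example",
    "img.cdn.example", "fonts.example", "notevent.example", "tracker.invalid",
]

def normalise(host):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return host.strip().rstrip(".").lower()

def parent_match(host, domains):
    """Return the entry equal to host or a parent of it, on label boundaries only."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def decide(host):
    """Return (verdict, reason): allow, block, or unmatched (no category known)."""
    host = normalise(host)
    if parent_match(host, ALLOWED_DOMAINS):
        return "allow", "custom allow"
    parent = parent_match(host, CATEGORY_OF)
    if parent is None:
        return "unmatched", "uncategorized"
    category = CATEGORY_OF[parent]
    return ("allow" if category in ALLOWED_CATEGORIES else "block"), category

def audit(hosts):
    """Group every hostname that would not be allowed, by verdict."""
    report = {}
    for raw in hosts:
        verdict, _ = decide(raw)
        if verdict != "allow":
            report.setdefault(verdict, set()).add(normalise(raw))
    return {verdict: sorted(names) for verdict, names in report.items()}

if __name__ == "__main__":
    for verdict, names in audit(OBSERVED).items():
        print(f"{verdict}: {', '.join(names)}")
```

Matching on label boundaries is what keeps `notevent.example` from riding on the allow entry for `event.example`.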

Agreed–we have a feature request in the backlog to block “uncategorized” as well which would cover anything not already categorized/blocked.

2 Likes