Gateway Policies not blocking domains and domains are showing as "allowed" on logs

I actually submitted a ticket to Cloudflare and went through a few troubleshooting steps with them, but I haven’t gotten a response in 2 weeks even after repeatedly asking for an update.

I’ve already checked the Community questions and it seems like some people have had similar problems but I don’t see any resolutions.

I’ve got some domains blocked in Gateway Policies, and they’re showing up in the logs, so I know that the requests are being transmitted correctly to Cloudflare, but the domain is showing up as “allowed”.

How to reproduce:

  1. Go to Gateway > Policies
  2. Create a test policy like: Domain in “”.
    Action = Block
  3. Go to the computer and do a ping or nslookup for
  4. Go to the Gateway Activity Log and see that query “” was Allowed and that the Resolver decision was “Allowed On No Policy Match”, which is not true.

Any ideas on how to fix this?

Could be a silly suggestion, but have you made sure that there is only a single entry in the policy? The entries within the policies are evaluated with AND statements, so all entries need to be TRUE for the policy to match.

That…actually seemed to fix the problem. One of the entries caused the policy to fail. Thanks for the suggestion!
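A simplified model of the AND evaluation described in the reply above, added here as an illustration; it is not part of the original thread and is not Cloudflare's code or API. The selector names, `example.com` and the location values are assumptions. It reports which entry was FALSE when a block policy falls through to "Allowed On No Policy Match".

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    selector: str          # query field to test, e.g. "domain" or "location"
    values: tuple          # the entry is TRUE if the field is "in" these values

@dataclass(frozen=True)
class Policy:
    name: str
    action: str
    entries: tuple         # all entries are joined with AND

def entry_is_true(entry, query):
    field = str(query.get(entry.selector, "")).lower().rstrip(".")
    if entry.selector == "domain":
        # Model assumption: a domain value also covers its subdomains.
        return any(field == v or field.endswith("." + v) for v in entry.values)
    return field in entry.values

def evaluate(policies, query):
    """Return (decision, {policy name: [selectors that were FALSE]})."""
    failed = {}
    for policy in policies:
        false_entries = [e.selector for e in policy.entries
                         if not entry_is_true(e, query)]
        if not false_entries:          # every entry TRUE -> policy matches
            return policy.action, failed
        failed[policy.name] = false_entries
    return "Allowed On No Policy Match", failed

# Constructed sample data: example.com and the location names are placeholders.
QUERY = {"domain": "www.example.com.", "location": "home"}
TWO_ENTRIES = Policy("test-block", "Block", (
    Entry("domain", ("example.com",)),
    Entry("location", ("office",)),      # the extra entry that is FALSE
))
ONE_ENTRY = Policy("test-block", "Block", (Entry("domain", ("example.com",)),))

if __name__ == "__main__":
    print(evaluate([TWO_ENTRIES], QUERY))   # falls through, names the entry
    print(evaluate([ONE_ENTRY], QUERY))     # policy matches
```
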

