Newbie Questions - Wildcard Policies and Categories

I am new to Cloudflare and cannot find answers to these two questions. Maybe someone can point me at the right documentation.

  1. I want to set up a Policy rule "Allow where Domain is “*.bbc.co.uk” but not “bbc
    i.e. I want all “bbc.co.uk” subdomains, but not others like “bbc.blah.com”

  2. How do I find out if a domain is in a category? Is there a way to look that up?
    sub-question - where do you get your category info from, and can I suggest an entry?

Thanks in advance

Hi @charles8,

If you use the ‘DNS Domain’ selector, I believe it will do what you want with blocking subdomains as well.

DNS Domain: Use this selector to match against a domain and all subdomains—for example, if you want to block example.com and all subdomains of example.com.

DNS Host: Use this selector to match against only the hostname specified—for example, if you want to block only example.com but not subdomain.example.com.

https://developers.cloudflare.com/cloudflare-one/policies/filtering/dns-policies-builder#expressions

I believe the categories used are the same as Cloudflare Radar, so you can go to https://radar.cloudflare.com/domain/example.com to see the category. There is then also a ‘Submit categorisation feedback’ option on that page.

@domjh Thanks for the response.

The expression builder does not do what I hoped. In my example, I want to exclude a domain with “bbc” anywhere in the domain name except for the official domain/sub-domain ending in “bbc.co.uk”.

Any ideas how to do that?

On the category point - thanks that is helpful.

Charles

Oh, sorry I misunderstood what you wanted. So you essentially want a “contains” selector so you can make a rule like

domain contains bbc
and
domain is not bbc.co.uk

I’m not sure that is currently possible.

cc @pzimmerman

It would be really valuable if it did exist. It’s possible in Pi-hole.

Also, on categories, do you know if the DNS organisations like Cloudflare actually remove dodgy domains like new-delivery-attempt.com rather than putting them into a category? I would have expected to find it, but can’t.

Charles

@charles8 This sounds like you’d need to use regular expressions (the selector “matches regex”). You can validate your regular expression (we use Rust on the backend) using this site:

https://rustexp.lpil.uk/

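An added example, not from the thread or from Cloudflare: Rust's regex crate has no lookaround, so "contains bbc but is not under bbc.co.uk" is written here as two ordered rules, and three looser spellings of the allow pattern are checked for what they would let through. The first-match rule order, the function names and the hostnames are assumptions made for illustration; Python's `re` is used only with syntax the Rust regex crate also accepts.

```python
import re

# Only syntax the Rust regex crate also accepts is used (it has no lookaround).
OFFICIAL = re.compile(r"^(.*\.)?bbc\.co\.uk$")  # bbc.co.uk and its subdomains
CONTAINS = re.compile(r"bbc")                    # "bbc" anywhere in the name

# Looser spellings of the allow pattern, kept to show what they let through.
WEAK = {
    "unanchored": re.compile(r"bbc\.co\.uk"),
    "no label boundary": re.compile(r"bbc\.co\.uk$"),
    "unescaped dots": re.compile(r"^(.*\.)?bbc.co.uk$"),
}

# Constructed hostnames, not taken from real traffic.
SAMPLES = [
    "bbc.co.uk", "www.bbc.co.uk", "NEWS.BBC.CO.UK.", "bbc.blah.com",
    "notbbc.co.uk", "bbc.co.uk.example.net", "bbcxco.uk", "example.org",
]

def normalise(name):
    """Lower-case and drop the trailing root dot before matching."""
    return name.strip().lower().rstrip(".")

def decide(name):
    """Assumed model: ordered rules, the first one that matches decides."""
    host = normalise(name)
    if OFFICIAL.search(host):
        return "allow"
    if CONTAINS.search(host):
        return "block"
    return "no-match"

def overmatches(pattern, names=SAMPLES):
    """Names a candidate allow pattern accepts that are not under bbc.co.uk."""
    hosts = [normalise(n) for n in names]
    return [h for h in hosts if pattern.search(h) and not OFFICIAL.search(h)]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{decide(name):9} {name}")
    for label, pattern in WEAK.items():
        print(f"{label}: also allows {overmatches(pattern)}")
```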