Deny List / Allow List Format Rules

The following format rules apply to Deep Discovery Inspector Deny Lists and Allow Lists.
Go to Administration > Monitoring / Scanning > Deny List / Allow List.

Deny List / Allow List Format Rules

Format Rule
Description
IP Address
Syntax
  • Single IP:
    IP addresses must be in the format: XXX.XXX.XXX.XXX, where X is a whole number between 0 and 255.
    IPv4 example: 192.168.1.1
    IPv6 example: fd00:1:1111:200::1000
  • IP Range:
    IP addresses must be in the format: XXX.XXX.XXX.XXX-XXX.XXX.XXX.XXX, where X is a whole number between 0 and 255.
    IPv4 example: 192.168.1.0-192.168.1.255
    IPv6 example: fd00:1:1111:200::1000-fd00:1:1111:200::1fff
  • Subnet:
    IP addresses must be in the format: XXX.XXX.XXX.XXX/<Mask Bit>, where X is a whole number between 0 and 255, and <Mask Bit> is a whole number between 1 and 32.
    IPv4 example: 192.168.1.0/24
    IPv6 example: fd00:1:1111:200::1000/116
Maximum IP Address Entities
Add up to 10,000 Deny / Allow List IP Address entities.
Domain
Supported Characters
Each domain name must have at least one character.
Deep Discovery Inspector supports the following characters for domain names:
ASCII
  • 0x2D (-), 0x2E (.)
  • 0x30 (0) ~ 0x39 (9)
  • 0x41 (A) ~ 0x5A (Z)
  • 0x61 (a) ~ 0x7A (z)
UTF-8 characters (ASCII code >=0x80)
Note
Convert non-UTF8 characters to Punycode.
Maximum Length
Maximum length of each domain name: 63 characters
Maximum length of domain: 255 characters
Wildcards (*)
Wildcards are only allowed in a prefix. When a wildcard is used in a prefix, it must be connected with ".". Only one wildcard may be used in a domain.
Domain matching is case-sensitive.
Maximum Domain Entities
Add up to 10,000 Deny List / Allow List Domain entities.
URL
Syntax
[http:// | https://]<Domain>[:<Port>][/<URI-prefix>]
  • [http:// | https://]
    If unassigned, the default is "http://".
    To match both "http://" and "https://", create multiple rules.
  • <Domain>
    Follow the syntax of Domain deny list for DNS.
  • [:<Port>]
    (Optional) If unassigned, the default is ":80" (port 80) for HTTP or ":443" (port 443) for HTTPS.
    Assign a specific port with a whole number between 1 and 65,535, or use a wildcard (*) to assign all ports.
  • [/<URI-prefix>]
    (Optional) If unassigned, the default is a wildcard that matches all paths.
    Use "/" and "/*" to match a URL without a path.
    Example: www.abc.com/* matches www.abc.com
    [/<URI-prefix>] is always applied as a prefix match. Only one wildcard is accepted in a prefix.
    URI matching is not case-sensitive.
Maximum URL Entities
Add up to 10,000 Deny / Allow List URL entities.
SHA-1
Syntax
Deep Discovery Inspector supports the following characters for SHA-1 rules:
ASCII
  • 0x30 (0) ~ 0x39 (9)
  • 0x41 (A) ~ 0x46 (F)
  • 0x61 (a) ~ 0x66 (f)
Maximum Length
Maximum length of a SHA-1 rule: 40
Maximum SHA-1 Entities
Add up to 10,000 Deny / Allow List SHA-1 entities.
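
A pre-import check for Domain and URL entries, following the rules in the table above. This is an added example, not Trend Micro code: the function names are hypothetical, "domain name" is assumed to mean each dot-separated label, and lowercasing the URI prefix is one assumed way to reflect case-insensitive matching.

```python
import re

# Characters the table allows in a name: ASCII letters, digits, "-", or anything >= 0x80.
_NAME = re.compile(r"(?:[A-Za-z0-9-]|[^\x00-\x7f])+")

def check_domain(domain):
    """Return the list of rule violations for a Domain entry (empty list = valid)."""
    if not domain:
        return ["domain is empty"]
    errors = []
    if len(domain) > 255:
        errors.append("domain longer than 255 characters")
    names = domain.split(".")  # assumption: "domain name" = one dot-separated label
    if domain.count("*") > 1:
        errors.append("only one wildcard may be used")
    wildcard_ok = names[0] == "*" and len(names) > 1
    if "*" in domain and not wildcard_ok:
        errors.append('wildcard must be a prefix joined with "."')
    for name in names[1:] if wildcard_ok else names:
        if len(name) > 63:
            errors.append("name longer than 63 characters")
        elif not _NAME.fullmatch(name):
            errors.append("empty name or unsupported character in %r" % name)
    return errors

def parse_url_rule(rule):
    """Split a URL entry into (scheme, domain, port, uri_prefix), defaults applied."""
    scheme, rest = "http", rule  # default scheme when none is given
    m = re.match(r"(https?)://", rule)
    if m:
        scheme, rest = m.group(1), rule[m.end():]
    host, slash, path = rest.partition("/")
    domain, colon, port = host.partition(":")
    errors = check_domain(domain)
    if not colon:
        port = "443" if scheme == "https" else "80"
    elif port != "*" and not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
        errors.append("port must be 1-65535 or *")
    # "*" stands in for the default "match all paths" wildcard (representation is ours).
    prefix = ("/" + path).lower() if slash else "*"  # URI matching ignores case
    if prefix.count("*") > 1:
        errors.append("only one wildcard is accepted in the URI prefix")
    if errors:
        raise ValueError("; ".join(errors))
    return scheme, domain, port, prefix
```

Running a candidate list through `parse_url_rule` before import shows what each entry will actually cover, for example that an entry without a scheme applies to HTTP on port 80 only.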