Why is the Global Allow/Deny list not working as expected?

You can add specific websites to the Global Allow/ Deny list to unblock/block them for all your users. To do this, you would need to navigate to the Policy Editor > Global Settings > Allow/Deny and add the websites there.


However, sometimes you may experience that the blocked site continues to be accessible to the user and vice-versa. This issue may arise due to your DNS cache. The way DNS protocols work, DNS responses have a Time To Live (TTL) which ranges from a few seconds to a few hours. If you do not see your block/allow changes reflected, it may mean that the TTL on the DNS entry for that domain has not yet expired.

Once the TTL expires and a new DNS query is made, your changes will be reflected. However, you can also expedite this process by clearing your DNS cache.

To do this, execute the following commands and restart your browser:

  1. Windows  - command line: ipconfig/flushdns
  2. macOS  - terminal: dscacheutil-flushcache

Note that the DNS cache on your server will also need to be cleared.

Windows Server

In the DNS Manager, right-click on the server name and select ‘Clear Cache’.



Was this article helpful?
93 out of 184 found this helpful
Have more questions?
Submit a request



Article is closed for comments.

Articles in this section

See more