Why is the Global Allow/Deny list not working as expected?


You can add specific websites to the Global Allow/ Deny list to unblock/block them for all your users. To do this you would need to navigate to the Policy Editor > Global Settings > Allow/Deny and adding the websites there.


However, sometimes you may experience that the blocked site continues to be accessible to the user and vice-versa. This issue may arise because of your DNS caching. The way DNS protocols work, the DNS responses have a Time To Live (TTL) which ranges between a few seconds to a few hours. If you do not see your block/allow changes reflected it may mean that the TTL on the DNS entry for that domain has not yet expired.

Once the TTL expires and a new DNS query is made, your changes will be reflected. However, you can also expedite this process by clearing your DNS cache.

To do this execute the following commands and restart your browser

  1. Windows  - command line: ipconfig /flushdns
  2. MacOS  - terminal: dscacheutil -flushcache

Note that the DNS cache on your server would also need to be cleared

Windows Server

In the DNS Manager, right-click the server name and select ‘Clear Cache’.


Have more questions? Submit a request