Block TLDs with ZScaler ZIA


(Alex) #1

Is there an option with ZScaler to block TLDs?

(Scott Bullock) #2

Hi Alex, I just DM’d you the ER number, your Customer Success manager will be able to provide more updates in this regard.

With a lens on the use-case, which TLD’s are you looking to block and why?


For us it’s because in schools, much content on TLDs such as .io and .tv is garbage which they would like for students to avoid.
Plus other filter vendors support this such as:





(Thomas Quinlan) #4

You can block countries within Zscaler under “Advanced Threat Protection | Blocked Countries”. Little known is that fancy domains like “.TV” and “.IO” correspond to countries and/or territories; for the former, it is Tuvalu; for the latter, British Indian Ocean Territory. You can choose these countries to block these domains. This won’t work for domains that aren’t country specific (.aero, .museum, etc.) but this functionality is in the ER already documented by @skottieb.

(Angus) #5

Declaring the .io TLD to be “garbage” is just plain ignorant. Students doing anything tech-related on the Internet are likely to come across .io domains at some point. * and are two that immediately come to mind.

(Paul Nurse) #6

I would prefer to block these by default as well and only allow allow the ones I want. Whether or not it makes sense or not would depend on the business, and as @ddunlap stated, other products offer this option.