For RPZ policy actions, are there real life use examples for each?
Hi;
For Block (NXDOMAIN), Block (NODATA) and Substitute (DOMAIN), where would you use each action and why?
Kindly
Wasfi
Best Answers
-
Hi,
In my opinion this is totally options and how you want to override the response.
in my use case any rpz rules hits will redirect to a landing page which contain information about why this domain is blocked but this is mostly for domain that usually access by user - category filter (like adult domain, gambling domain, phishing etc)
but for domain that categorized as malware or ransomware i will choose to use nxdomain or nodata because the domain is not intentionally query or access by the user, but mostly queried by malware in the background so we dont need redirect to landing page.
1 -
Substitute: captive portal page with bypass code capabilities, block to tell a user that it's frowned upon (exists but can't be reached) and NXDOMAIN indeed for a different message. Depends how much you want to show to a user etc
0
Categories
- All Categories
- 5.1K Forums
- 4.6K Critical Network Services
- 464 Security
- Visibility and Insights
- Ideas Portal
- Webinars & Events
- 260 Resources
- 260 News & Announcements
- Knowledge Base Articles
- Infoblox Documentation Portal
- Infoblox Blog
- Support Portal
- 4 Members Hub
- 4 Getting Started with Community
- Community Support