When creating a Content Policy rule, you will need to specify the content that the rule applies to. Rules can be configured to block a specific website domain, app, or entire category of apps and websites.
You can select content in the following ways:
- Content Category: Almost every website on the internet is categorized in multiple ways. Apply a rule to a category allows you to match many different websites automatically.
- Apps: If you are wanting to block a specific App, like Tik Tok, this is the best method to choose. Apps use many different domains to function properly. Blocking an App will block all domains associated with the app.
- Domains: Specify a domain name, such as example.com.
Categories
Categories are used to group hundreds, thousands, or millions of websites at a time. Any website that matches a particular category will be automatically selected if a rule uses the category.
The most common places you'd use website Categories are on Allow, Block, or SafeSearch rules.
For example, if you want to block adult content, you would add the content categories under the Adult Themes heading to a Block rule.
How to Find a Website's Category
Sometimes, a website won't be grouped with an obvious category. For example, you might visit a Facebook webpage with Political content, but Facebook will be treated as a "Social Network" website.
To double check which category a website belongs to, you will need to use Cloudflare Radar to scan that domain.
Apps
You can also block specific Apps' connection to the internet within a rule.
Adding an App to a Block rule won't prevent the app from being downloaded or installed onto your device. Instead, that app will be disconnected from the internet.
You will generally be adding Apps to either Allow or Block Rules. To add an App to a rule, use the App section under the Categories menu:
Domains
You can specify a specific web domain with your Rules.
Domains apply to Allow, Block, SafeSearch, and YTRestricted rules. In most cases, you will be using them in either Block or Allow rules.
Hostnames and Subdomains
To edit websites by Hostname or Subdomain:
- Either create a new rule or edit a existing one; click on the Content tab.
- Under the Content tab, click on Domains.
- Add a domain to the Domains section.
- Click Add for each domain you want to add, then click Save to confirm changes.
There are some cases where a website uses multiple subdomains for various websites or services. For example, Google has a search engine at "google.com", but gmail is accessed through "mail.google.com". You can choose to block the entire Google domain (by blocking the "google.com" hostname), or mail specifically (using the "mail.google.com" subdomain).
Keywords
Choose a word that appears in a domain. For example, you can block any website with the word "chat" in its domain ("wechat.com" would match, but "meets.google.com" would not).
To add a domain word to a rule:
- Either create a new rule or edit an existing one; Click on the Content tab.
- Click on the Domain section.
- Add a keyword to the Domain Words section.
- Click Add for each domain word you want to add, then click Save to confirm changes.
Does Rule Order Matter?
Yes, it does. To make this as easy as possible as you create new rules, our dashboard automatically sorts rules correctly.
In general, here's how you want to order your Block, Allow, and SafeSearch/YTRestricted rules:
- Allow rules should always be first, towards the top; that way they don't get ignored. When you create a new Allow rule, it should be grouped towards the top of your Content Policy.
- SafeSearch and YTRestricted rules should be next. When you create a new SafeSearch or YTRestricted rule, they should be grouped after Allow rules.
- Block rules should be last, after SafeSearch, YTRestricted, and Allow rules. When you create a new Block rule, it should be grouped towards the bottom of your Content Policy.
Frequently Asked Questions
Exclude an App or Website from blocking.
If you are blocking a category like Social Networking, but do not want to block an app like LinkedIn, add the app to an allow rule this is higher up on the list compared to the block rule.
How do I find out what rule is blocking a website?
You can use the block page or examine blocked traffic logs to narrow down why something is blocked.
On the block page, you'll see the rule name listed near the bottom. You can also click the Cloudflare Radar link to look up the categories associated with that domain.
You can also go to Activity > Traffic Logs and look at recent blocked traffic. The associated category will be listed.
If you see a "This Connection is not Private" message instead of a Block page, it means block pages may not have been enabled on your device. Check this article to learn how to enable Block pages.
Enforce SafeSearch
We have a SafeSearch preset that is pre-configured to enforce SafeSearch on search engines that support the feature and automatically block other search engines that don't.
To add this rule preset, go to your Content Policy page. Create a new rule, and choose Presets from the Rule Action menu.
If you need more help with troubleshooting SafeSearch, check our dedicated SafeSearch troubleshooting guide.
Check rule order
The system should automatically handle the order, but double check that the SafeSearch rule is higher up on the list compared to the Block Search Engines rule.
If you need more help with troubleshooting your rules, check our dedicated Content Rule order troubleshooting guide.
Troubleshooting
I can't use Bing Chat (Copilot) due to SafeSearch
Bing's copilot chat won't work while SafeSearch is enforced. We suggest the following work-around:
- Create an Allow rule, name it "Exclude Bing from SafeSearch", and use Content > Applications to select Bing.
- Assign a schedule to this rule so that it's active during your productive hours and inactive during leisure time. You can also choose to have it on always.
- Save rule and go back to the Content Policy page.
- Ensure that this allow rule is ordered above the SafeSearch rule
Some apps or websites can be accessed during internet downtime
There are two common reasons:
- Caching on the device can cause the internet downtime rule to take some time to apply to apps that were previously opened on the device. You will usually see old, cached content that was viewed previously on the app.
- Content Policy rule order. The internet downtime rule should be ordered above all other Allow rules except for the rule where you specify Internet Downtime Exceptions.
I blocked an app or website but I can still access it
Please visit our Troubleshooting page for more detailed information.