When generating a destination list, it's possible you will see errors if the format of the destination is entered incorrectly. This article describes what can or cannot be in a destination list as well as providing common errors and resolutions.
A destination list is quite literally a list of internet destinations that can be blocked or allowed based on the administrative preferences for the policies applied to the identities within your organization.
A destination is currently defined as an IP, a fully qualified domain name or URLs. In upcoming releases, we will allow for the possibility of adding custom URLs to be blocked in a destination list. This article includes errors generated from incorrectly adding a URL, however this feature is currently not available for most customers and is in still in limited availability.
This article briefly outlines what is or isn't acceptable to be added to a destination list at this time and as this information changes, this article will be updated.
What you can add to a destination list
1. Fully qualified domains and subdomains. The protocol is not required (eg: no "http://" needs to be added in front front of the domain).
If you wish to block all subdomains of a domain, add the top level domain name as exampledomain.com
If you wish to only block a subdomain, add the subdomain as subdomain.exampledomain.com
2. IP addresses can be added to an Allow Destination only. These can only be IPv4 and cannot include ranges like /31 or /16 or subnet masks like 255.255.255.0. An example would be 100.100.101.250
What you cannot add to a destination list
1. You cannot add wildcards. A wildcard is implicit in the way DNS is structured, so adding a domain covers all of the subdomains and there is no reason to add *.domain.com to cover this.
2. Certainly very popular domains cannot be blocked with our custom URL feature.
The custom URL destination block lists feature enables Umbrella to extend a domain level block list to encompass full and partial URLs. In turn, this allows you to block certain portions of a website based specifically on the full or partial URL. However, there are limitations and it's possible that the configuration of your destination lists might result in error messages.
NOTE: The feature described in this article is currently not available for most customers and is in early release. For more information, please read: https://docs.umbrella.com/product/umbrella/custom-url-destination-list-how-to
For more information about guidelines that must be followed to ensure that the URL you are entering is actually the one you want blocked, see Custom URL Destination Normalization
|URLs in allow lists are not currently supported. Consider adding the domain only instead.||You'll get this error message if you add a URL to an allow list. Remove the URL and replace it with the domain for that URL.||We are considering adding custom allowed URLs in the future. Please submit a feature request if you would like to see this feature added to Umbrella.|
|Please check to confirm that the URL was entered correctly.||There was a problem with the URL, either in the domain, path or query. Review your URL for legal characters and URL composition. Additionally, you may enter a partial URL to leverage right-side wildcarding. For more information, see Custom URL Destination List How-To.||We adhere to RFC-3986.|
|The supplied URL belongs to a domain that does not present a security concern but may impact Umbrella performance if proxied. Consider adding the domain only instead.||URL matches the high-volume domain list. Consider blocking the domain if you don't trust the destination.||High volume domains do not present a security risk themselves and do not require additional scrutiny.|
|The supplied destination matches the Umbrella global allow list and cannot be saved.||The destination matches the protected allow list. If this error is occurring on a URL, consider blocking the domain if you don't trust the destination. If you're not sure why this destination is considered protected, please contact support.||Destinations in the protected allow list either host services other than HTTP and cannot be proxied or are critical to Umbrella operations.|
|Only ASCII characters can be used for defining URLs.||The URL contains non-ASCII characters. Try percent-encoding the URL or block the domain.||The Intelligent Proxy currently does not support non-ASCII characters. Please submit a feature request if you would like non-ASCII characters supported in Umbrella.|
|There was an issue with one or more of the destinations in the uploaded list.||This is a bulk upload error message. One or more of the URLs or domains supplied in the uploaded list match one of the error conditions above.
Umbrella should provide you with a link to download a list of destinations that could not be uploaded. Please correct or remove the destinations from your bulk upload list and try again.
|Umbrella will not write uploaded destinations to the database unless all uploaded destinations can be accepted.|
|Invalid destination.||No action can be taken at this time. This is a generic error message.||The supplied destination cannot be accepted by Umbrella. You have encountered an error condition Umbrella cannot account for. Please log a case with support so that we can address this error condition.|