Overview
A common issue with blocking/allowing access to a site (www.example.newsite.com) in Cisco Umbrella is that additional domains need to be accounted for.
Allowing
Let's say that you want to allow "www.sfgate.com", and so you add "sfgate.com" to your allow list. However, after visiting the site, you find that only the text is showing. When this happens, other domains that the site depends on are still being blocked.
If you perform a HAR capture in the browser, it lists the domains that are requested after "www.sfgate.com" has successfully resolved. In this capture, you would see the following domain names:
fls.doubleclick.net
s.meebocdn.net
ww1.hdnux.com
ww2.hdnux.com
ww3.hdnux.com
ww4.hdnux.com
www.sfgate.com
www.zvents.com
ssl.gstatic.com
Why is this necessary?
For efficiency, almost all websites load content from other sources. This can include but is not limited to image resources, scripts, ads, and social media plugins. Because of this, Cisco Umbrella's settings might be blocking some of these resources, and elements of the page won't load properly or load without formatting.
To view this content, your settings must be updated to allow those domains.
Note: If you're using Allow Only Mode, you will almost always have to take these steps.
Ways to identify the domains
One easy way to find the required domains is to use Google Chrome's DNS prefetch tool, which logs your queries.
Once the feature is turned on in your browser, you can visit the site you want to collect information about.
After the site has completely rendered (or all elements are downloaded), you can enter the following into the URL bar in the browser:
chrome://predictors
Next, use CTRL+F to find the domain you are looking for. This example uses "www.bostonglobe.com".
These entries would be required to allow this site to render completely:
bostonglobe.com
c.o0bg.com
cdn.insights.gravity.com
metrics.boston.com
ping.chartbeat.net
rma-api.gravity.com
rmedia.boston.com
static.chartbeat.com
apis.google.com
ssl.gstatic.com
Other methods of identifying these domains include packet captures (collected by tools such as Wireshark), collecting HAR files, or using websites such as webpagetest.org.
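The HAR method mentioned above can be scripted. The following is an added example, not part of the original article or of any Cisco tool: it reads a HAR file, counts the hostnames requested, and reports those not yet covered by the current allow list. The function names and the sample HAR are constructed for illustration, and it assumes (as the sfgate.com example implies) that an allow-list entry also covers its subdomains.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample HAR, trimmed to the fields used here. Hostnames come from
# the sfgate.com list in this article; the URL paths are made up.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.sfgate.com/"}},
    {"request": {"url": "https://ww1.hdnux.com/photos/a.jpg"}},
    {"request": {"url": "https://ww2.hdnux.com/photos/b.jpg"}},
    {"request": {"url": "https://WW1.hdnux.com:443/css/site.css"}},
    {"request": {"url": "https://ssl.gstatic.com/x.js"}},
    {"request": {"url": "data:image/png;base64,AAAA"}},
]}})

def hosts_in_har(har_text):
    """Return a Counter mapping each requested hostname to its request count."""
    counts = Counter()
    for entry in json.loads(har_text).get("log", {}).get("entries", []):
        parts = urlsplit(entry.get("request", {}).get("url", ""))
        # Only http(s) requests cause DNS lookups; skip data:, blob:, etc.
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue
        # .hostname is already lower-cased and has the port removed.
        counts[parts.hostname.rstrip(".")] += 1
    return counts

def is_covered(host, allow_list):
    """True if host equals an allow-list entry or is a subdomain of one.
    Subdomain matching is an assumption taken from the article's example."""
    entries = [d.lower().strip(".") for d in allow_list]
    # Compare on a label boundary so "notsfgate.com" does not match "sfgate.com".
    return any(host == d or host.endswith("." + d) for d in entries)

def missing_hosts(har_text, allow_list):
    """Hosts seen in the HAR but not covered, most-requested first."""
    counts = hosts_in_har(har_text)
    missing = [(h, n) for h, n in counts.items() if not is_covered(h, allow_list)]
    return sorted(missing, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for host, n in missing_hosts(SAMPLE_HAR, ["sfgate.com"]):
        print(f"{n:4d}  {host}")
```

Review the output before adding entries: not every third-party host a page requests (ad or analytics domains, for example) is needed for it to render.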