Set up DNS exceptions

You may want to exclude access to some subdomains from the users. They can disable these subdomains from being intercepted by the EAA Client by setting up a DNS exception list.

Configured tunnel-type client-access application.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. On the tunnel application card, click Settings, and select ADVANCED SETTINGS.

  4. In EAA Client parameters > Domain exception list enter the names of the subdomains that need to be excluded from users.
    Users are denied in the domain from accessing these subdomains.

  5. Click Save and Deploy.

  6. Deploy the application.


The IT administrator wants to exclude payroll, benefits, and a confidential project called project1
under devops subdomains from all users. Under General tab, under Application identity settings, enter
the top-level domain, of the wildcard application, * as the internal host for Destination 1,
as shown here:

DNS exceptions example

Then specify the subdomains in the Domain exception list under EAAClient parameters as shown here:

DNS exceptions parameters example


The Domain exception list only supports exact matches. Regular expression pattern matches are not supported.