About lists

‚ÄčSIA‚Äč allows you to create two broad categories of lists: block lists and exception lists. The actions associated with these lists are prioritized over ‚ÄčAkamai‚Äč Security and classifications in ‚ÄčSIA‚Äč. If domains, IP addresses, or URLs are configured in multiple lists with conflicting actions, ‚ÄčSIA‚Äč selects the action based on a priority. For more information, see Policy conflicts.

Each entry in a list is counted separately. For example, in a custom list, each domain and IP address is counted as a separate entry. ‚ÄčSIA‚Äč allows you to have a maximum of 200,000 list entries.

An enterprise can create a maximum of 100 lists. If your organization needs to create more lists, contact your ‚ÄčAkamai‚Äč representative.

You need to deploy your work after creating, modifying, or deleting a list. The deployment takes approximately 20-30 seconds.

Block lists

Block lists are used to define whether a policy should block, monitor, or allow access when users make requests to outside resources.

In a block list, you can configure the following:

  • Domains. You can identify domains that you know or suspect are threats.
  • IP addresses. You can identify the IP addresses that you know or suspect are threats.
  • File hashes. You can identify the hashes of files that you want to block, monitor, or allow.
  • URLs. You can identify the URLs that you want to block, monitor, or allow.
  • Top-level domains. You can identify country-code top-level domains (ccTLD) and generic top-level domains (gTLD).

If you select the allow action when assigning a block list to a policy, note the following:

  • If the proxy is enabled, this action directs traffic to ‚Äč‚ÄčSIA‚Äč‚Äč Proxy for analysis.
  • If the proxy is disabled, this action resolves requests to the origin.

To learn more about the Allow policy action, see Allow.

Exception lists

Exception lists are used to define the specific traffic and file hashes that you don‚Äôt want scanned by ‚ÄčSIA‚Äč or ‚ÄčSIA‚Äč Proxy. If ‚ÄčSIA‚Äč Proxy is enabled, the proxy does not scan the domains, IP addresses, URLs, or file hashes in exception lists. By default, when a user associates an exception list to a policy, it's assigned the bypass policy action.

In an exception list, you can configure the following:

  • Domains. You can specify the domains that you don‚Äôt want scanned or analyzed by ‚ÄčSIA‚Äč.
  • IP addresses. You can specify IP addresses that you don‚Äôt want scanned or analyzed by ‚ÄčSIA‚Äč.
  • File hashes. You can specify the hashes of files that you don't want scanned by ‚Äč‚ÄčSIA‚Äč Proxy.
  • URLs. You can specify one or more URLs that you don't want scanned by ‚ÄčSIA‚Äč Proxy.