Policy conflicts

Policy conflicts may occur if multiple lists are assigned to a policy and those lists contain matching or overlapping domain names, IP addresses, or URLs. When conflicts exist, ETP uses the following logic to determine the policy action.

Note: This policy behavior is currently in beta. To participate in the beta, contact your Akamai representative.

Based on List Type

All lists that are created by administrators (block and exceptions lists) are prioritized over other lists in ETP. This means that the action associated to domains or URLs in custom block list or exception list prevail over the action associated to the same domain or URL in any of these lists:
  • Akamai Security lists. This includes the domains, IP addresses, and URLs associated with Akamai threat categories, such as malware, phishing, command & control, and more.
  • Microsoft 365. Domains and IP addresses associated with Microsoft apps and services, such as Microsoft office apps, Outlook, cloud storage, and more.
  • Acceptable use policy (AUP) and application visibility and control (AVC). Domains, IP addresses, and URLs for websites and applications. These websites and applications correspond to the AUP and AVC configuration in a policy.

Based on Longest Domain/URL Match

If the same domain is specified in multiple custom lists or ETP lists using different suffix lengths, ETP enforces the policy action assigned to the longest matching address.
Note: If the same domain or URL is found in a custom block or exception list and in an ETP list, the policy action of the custom list takes priority.
For example, if the following lists are assigned to the same policy and a user goes to foo.bar.com, the Monitor action prevails, because it satisfies the longest matching address.
  • List 1 is set to Block bar.com.
  • List 2 is set to Monitor foo.bar.com.

Based on Priority of Action

If the same domains, IP addresses, and URLs are configured in multiple custom lists or in multiple Akamai lists with conflicting actions, ETP selects the action based on this priority:
  1. Bypass
  2. Block
  3. Monitor
  4. Classify
  5. Allow
For example, if the following lists are assigned to the same policy and a user goes to bar.com, the Bypass action prevails, because it has higher priority.
  • List 1 is set to Block bar.com.
  • List 2 is set to Bypass bar.com.