Custom lists

In a custom list configuration you define the known and suspected domains and IP addresses for a policy. You add custom lists to a policy. You also select how Enterprise Threat Protector (ETP) handles known or suspected threats to your network. If a domain or IP address is listed in more than one list, ETP performs the policy action with the highest priority. To learn more about policy actions, see Policy actions.

When you add a custom list, you can assign the malware, phishing, command and control, DNS exfiltration, and other categories to a custom list. You cannot change the category after you create a custom list.
Category Description
Malware Domains and IP addresses known or suspected to host malicious software.
Phishing Domains and IP addresses known or suspected to host phishing websites that gather user credential information.
Command and Control (C&C) Domains and IP addresses used by malicious command and control servers.
DNS Exfiltration Domains and IP addresses that serve as a communication channel over DNS. This channel may be used to steal sensitive data or circumvent traditional access restrictions by allowing malware to communicate outside the network.
Other Domains or IP addresses that are not associated with a specific threat category.

In a policy, you assign an action to known or suspected threats in a list. If you assign a block action, you can select the users or groups that are exceptions to the block and can access the domains or IP addresses you configured in the list. You can select user and group exceptions if the policy is configured with an authentication mode and you associate an identity provider to the policy. For more information, see Authentication policy.

In addition to custom lists where you identify specific domains and IP addresses, you can also create the following types of lists:
  • A top-level domains list contains country-code top-level domains (ccTLD) and generic top-level domains (gTLD). For more information, see Top-level domains list.
  • An exception list contains the domains or IP addresses that you want directed to the origin. If ETP proxy is enabled, the domains or IP addresses in this list bypasses ETP Proxy. For more information, see Exception lists.
  • A file hash list contains the hashes of files that you don’t want scanned by data loss prevention (DLP). For more information, see File hash lists and Data loss prevention.

When creating any type of custom list, whether it is a custom list, top-level-domains list, or an exception list, each entry is counted. For example, in a custom list, each domain and IP address entry is counted separately. ETP allows you to have a maximum of 200,000 list entries.

An enterprise can create a maximum of 100 lists. If your organization needs to create more lists, contact your Akamai representative.

Like other configuration changes, you must deploy a new or updated list to the ETP network. Custom lists deploy in the same 20-30 seconds as other configuration changes.