TOP1M Whitelist configuration



  • I had a couple of questions about the implementation of the TOP1M/Cisco Umbrella whitelist. I have enabled it, but does this create an alias or rule I need to place somewhere? Also, it looks like Alexa TOP1M is a paid service, so does this work at all? Is there anywhere I can "see" this whitelist working or not?



  • The TOP1M feed can be used to whitelist the most popular domain names to avoid false positives.

    So it is used to remove popular domains from your blocklist. If you inspect pfblockerNG.log you will see that in action:

    [ Phish_OpenPhish ]		 Downloading update11/24/18 11:20:07 |  .11/24/18 11:20:07 | . 200 OK11/24/18 11:20:07 | .
     TOP1M Whitelist: risechma.weebly.com|tw.screener.finance.yahoo.net|
     ----------------------------------------------------------------------
     Orig.    Unique     # Dups     # White    # TOP1M    Final                
     ----------------------------------------------------------------------
     1846     742        211        0          2          529                  
     ----------------------------------------------------------------------
    11/24/18 11:20:11 |   IPv4 count=13
    11/24/18 11:20:11 | 
    

    In this case it removed 2 domain names from the blocklist.
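
To read the same information out of the log programmatically, the following added example (not part of the original posts and not pfBlockerNG code) parses the per-feed section layout shown in the excerpt above, lists the domains the TOP1M whitelist removed, and flags feeds where the "# TOP1M" count disagrees with the listed domains. The line layout is assumed from that excerpt and may differ in other versions; the function names are hypothetical and the sample text is a constructed copy of the excerpt.

```python
import re

# Constructed sample: a copy of the log excerpt quoted in the answer above.
SAMPLE_LOG = """\
[ Phish_OpenPhish ]\t\t Downloading update11/24/18 11:20:07 |  .11/24/18 11:20:07 | . 200 OK11/24/18 11:20:07 | .
 TOP1M Whitelist: risechma.weebly.com|tw.screener.finance.yahoo.net|
 ----------------------------------------------------------------------
 Orig.    Unique     # Dups     # White    # TOP1M    Final
 ----------------------------------------------------------------------
 1846     742        211        0          2          529
 ----------------------------------------------------------------------
"""

# Patterns assumed from the excerpt: "[ FeedName ]" opens a feed section,
# "TOP1M Whitelist:" carries pipe-separated domains, and the summary row
# holds six integers in the column order of the header line.
FEED_RE = re.compile(r"^\[ (\S+) \]")
TOP1M_RE = re.compile(r"^\s*TOP1M Whitelist:\s*(.*)$")
COUNTS_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
FIELDS = ("orig", "unique", "dups", "white", "top1m", "final")


def parse_feeds(text):
    """Return one dict per feed: name, TOP1M-whitelisted domains, counts."""
    feeds, current = [], None
    for line in text.splitlines():
        m = FEED_RE.match(line)
        if m:
            current = {"feed": m.group(1), "top1m_domains": [], "counts": None}
            feeds.append(current)
            continue
        if current is None:
            continue  # ignore anything before the first feed header
        m = TOP1M_RE.match(line)
        if m:
            # The trailing "|" yields an empty string, which is dropped here.
            current["top1m_domains"] += [d for d in m.group(1).split("|") if d]
            continue
        m = COUNTS_RE.match(line)
        if m:
            current["counts"] = dict(zip(FIELDS, map(int, m.groups())))
    return feeds


def mismatches(feeds):
    """Feeds whose '# TOP1M' count differs from the number of listed domains."""
    return [f["feed"] for f in feeds
            if f["counts"] and f["counts"]["top1m"] != len(f["top1m_domains"])]


if __name__ == "__main__":
    for f in parse_feeds(SAMPLE_LOG):
        print(f["feed"], f["counts"], f["top1m_domains"])
```

Reviewing the listed domains per feed is also a quick way to spot entries you would rather keep blocked, such as the hosted subdomains in this sample.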