Prevent Bypass of DNS Content Policy
Ensure that filtering is not bypassed either intentionally or unintentionally.
Preventing intentional or unintentional bypass of your Content Policy.
We recommend combining multiple approaches to ensure better results.
Dashboard Settings
Prevent bypass methods that involve making changes to settings in your Tech Lockdown dashboard. For example, reducing the restrictiveness of content policy rules and settings.
Lock your Tech Lockdown Profile
Locking your Tech Lockdown profile enables a more restrictive experience, preventing you from making your settings less restrictive while empowering you to increase restrictions or troubleshoot.
Get Started
Lock your Tech Lockdown Profile
Prevent easy access to making settings less restrictive.
Monitor Activity
Another way to prevent bypass is by monitoring activity like websites visited and changes on the dashboard settings.
Content Policy
View and Manage Activity
View traffic logs, connected devices, and customize your preferences.
Cloudflare App Preferences
If you're using the Cloudflare One or Cloudflare WARP app to connect to your content policy using a VPN connection, there are some app preferences that can be set to prevent bypass by making changes in the app.
App Preferences
Set App Preferences on the Tech Lockdown Dashboard
Set Cloudflare App Preferences on the Tech Lockdown Dashboard.
Recommended Content Policy Rules to Prevent Bypass
There are some rules that we recommend adding to your Content Policy to block some common bypass techniques.
Block VPNs and Proxies
VPNs and proxies can conflict with a content policy, so we recommend restricting access to them. There are device-specific VPN blocking techniques you can use as well (see the bypass prevention guides for each device at the bottom of this page).
Enforce an Internet Downtime
An internet downtime rule can help limit internet usage to hours of the day where there's more oversight. This will block the entire internet, excluding any exceptions you've made in an Allowlist rule.
You can customize the internet downtime schedule after you create the rule.
Bypass Prevention by Device
Each device has specific bypass prevention methods that we recommend.
iPhone
Windows
Content Policy
Preventing Bypass on Windows
After you've connected your Windows device to your Content Policy, the next step is to enforce that connection.