Optimizing Host Access Rules
Figure 10 shows an example of a more complex host access rule in which a URL has been resolved to multiple physical host IP
addresses. However, unlike the previous example, it is sometimes possible to optimize the rule further by performing
reverse name resolution on the individual physical IP addresses obtained from the DNS lookup. If a common name pattern is
identified (figure 11), a more generalized rule can optionally be substituted for the original rule as shown in figure 12. This
is very useful whenever the actual number of physical hosts serving up a particular URL exceeds the number reported by
the single DNS lookup operation. The Block-IT technical documentation discusses this in more detail.
Figure 10 – It is sometimes possible to optimize a rule further by performing reverse name resolution on the
individual physical IP addresses obtained from the DNS lookup.
Figure 11 – If a common name pattern is identified, a more generalized rule can optionally
be substituted for the original rule.
Figure 12 – Examples of generalized rules (i.e., *.microsoft.com or www*.microsoft.com). The first generalized
rule was suggested by Block-IT, while the second one was the result of simple common sense.
Next: Block-IT - Licensing
