Order of precedence - allowlist vs denylist

  • Updated

Question

What takes precedence when you're using deny lists and allow lists?

Example:

agent:
 dotnet:
    app_pool_denylist: DefaultAppPool,DefaultAppPool2
    app_pool_allowlist: DefaultAppPool3,DefaultAppPool4
    application_denylist: App,App2,App3
    application_allowlist: App4,App5

Answer

Allowlist takes precedence over denylist.

App pool filtering is evaluated before application filtering. If an app pool is filtered out, the agent will never even get to the application filtering stage.

In this example, the deny lists are redundant and could be removed, since anything not in the allow lists will be denied.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request