allowlisting

Allowlisting, also spelled allow-list, is the practice of explicitly permitting a defined set of entities to access a resource, perform an action, or run software. In typical security configurations, access is denied by default and only items on the allowlist are granted permission. This contrasts with denylisting (or blocklisting), where access is allowed by default and specific items are blocked. The concept applies across domains, including network access, email filtering, software installation, and application execution.

Common implementations include IP address or domain allowlists in firewalls and content filters, sender or recipient allowlists in email systems, and application allowlists in endpoint protection and operating system controls. In software development, allowlisting can restrict installation and execution to approved applications or components. In cloud and identity systems, allowlists may govern API access, user accounts, or service principals.

Benefits of allowlisting include reduced exposure to unknown or untrusted sources and a stronger security posture when the universe of permitted entities is small and well managed. Drawbacks include the ongoing maintenance required to keep the list current, potential false positives that block legitimate users or services, and scalability challenges in dynamic environments.

Terminology has shifted toward neutral language in many organizations. Allowlist and blocklist (or denylist) are increasingly preferred over terms that imply value judgments. Some contexts also use more descriptive phrases, such as approved entities or permitted access, to reflect policy intent.
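
The default-deny versus default-allow contrast described above, applied to source IP addresses, as an added example that is not part of the original page. The networks (documentation ranges), function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample policy using documentation address ranges (assumption).
ALLOWED_NETS = ["192.0.2.0/24", "2001:db8:10::/48"]
DENIED_NETS = ["203.0.113.0/24"]


def parse_source(source):
    """Return an address object, or None when the input is not a single IP."""
    try:
        addr = ipaddress.ip_address(source.strip())
    except (ValueError, AttributeError):
        return None
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is judged as the IPv4
    # address it carries, so both spellings of one host get one decision.
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def in_any(addr, networks):
    """True when addr falls inside at least one of the listed CIDR networks."""
    nets = (ipaddress.ip_network(n) for n in networks)
    return any(addr.version == net.version and addr in net for net in nets)


def allowlist_permits(source, allowed=ALLOWED_NETS):
    """Default deny: a source is permitted only if it is on the list."""
    addr = parse_source(source)
    return addr is not None and in_any(addr, allowed)


def denylist_permits(source, denied=DENIED_NETS):
    """Default allow: a source is permitted unless it is on the list."""
    addr = parse_source(source)
    # Unparseable input is rejected here too (a choice made for this example).
    return addr is not None and not in_any(addr, denied)


if __name__ == "__main__":
    # Constructed inputs: listed, unknown, denied, mapped IPv6, malformed.
    for src in ["192.0.2.15", "198.51.100.7", "203.0.113.9",
                "::ffff:192.0.2.15", "2001:db8:11::1", "not-an-ip"]:
        print(f"{src:20} allowlist={allowlist_permits(src)!s:5} "
              f"denylist={denylist_permits(src)!s:5}")
```

The unknown address 198.51.100.7 is the case that separates the two models: the allowlist rejects it, while the denylist lets it through.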