
Blocking TikTok: Because tiktok.com is Just the Tip of the Iceberg

Websites and applications that rely on third-party CDN infrastructure are becoming harder and harder to block with traditional methods. TikTok is a textbook example of this problem: even after blocking tiktok.com, the app still worked. The website loaded. Nothing meaningful broke.

That’s because TikTok doesn’t live at just one domain. It talks to a whole constellation of hosts, many of which don’t even include the word “tiktok” in them.


Why Block TikTok?

Firstly, I’m not a teenager anymore, and I’m trying to limit toxic, bandwidth-hungry services on my network.

If you wish to use TikTok, that is fine; just do it off my network, without my Zero Trust connection via WARP.

Why Just Blocking tiktok.com Doesn’t Work

At first, I thought blocking tiktok.com would be enough. But nothing stopped working — not the app, not the browser version. Why?

Because TikTok uses:

  • Content Delivery Networks (CDNs) like Akamai or ByteCDN
  • Tracking and analytics subdomains
  • Video delivery networks
  • Third-party APIs

Some of these domains don’t even include “tiktok” in the name — making traditional blocking useless.

Tip: Use Your Browser to Discover What a Site Is Actually Talking To

One useful trick I used early on was the browser's Developer Tools.

  1. Open a browser (e.g. Chrome or Edge)
  2. Press F12 to open DevTools
  3. Go to the Network tab
  4. Visit https://www.tiktok.com
  5. Watch all the domains your browser contacts

This reveals dozens of hosts that the TikTok site loads, including tracking endpoints, video CDNs, and regional assets. The list is relentless.

⚠️ Be careful: blindly blocking everything you see in DevTools may break functionality for other websites or apps. Some of these services are shared across platforms.
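To review the DevTools capture offline instead of reading the Network tab by eye, export it as a HAR file and triage the hostnames. The script below is an added example, not code from the original post: it compares each requested host with this page's block list and returns the ones that still need a manual decision. The HAR fragment and its hostnames (other than www.tiktok.com) are constructed, and treating the bare domain as covered by its wildcard entry is an assumption of the example.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Suffixes taken from this page's block list (leading "*." dropped).
BLOCKED_SUFFIXES = (
    "tiktok.com", "tiktokcdn.com", "tiktokv.com", "tiktokd.com",
    "byteoversea.com", "ibytedtos.com", "muscdn.com", "pstatp.com",
    "snssdk.com", "amemv.com",
)

# Constructed HAR fragment; hostnames other than www.tiktok.com are made up.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.tiktok.com/"}},
    {"request": {"url": "https://WWW.TIKTOK.COM/foryou"}},
    {"request": {"url": "https://video.tiktokcdn.com/clip.mp4"}},
    {"request": {"url": "https://static.cdn.example.net/player.js"}},
    {"request": {"url": "https://tiktok.com.example.org/pixel.gif"}},
    {"request": {"url": "data:image/png;base64,AAAA"}},
]}})

def hosts_from_har(har_text):
    """Count requests per lowercase hostname in a HAR export."""
    hosts = Counter()
    for entry in json.loads(har_text).get("log", {}).get("entries", []):
        host = urlsplit(entry.get("request", {}).get("url", "")).hostname
        if host:  # data: and blob: URLs have no hostname
            hosts[host.lower().rstrip(".")] += 1
    return hosts

def covering_suffix(host, suffixes=BLOCKED_SUFFIXES):
    """Return the listed suffix covering host on a label boundary, else None."""
    for suffix in suffixes:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None

def triage(har_text):
    """Return (covered, review): host -> suffix, and host -> request count."""
    covered, review = {}, {}
    for host, count in hosts_from_har(har_text).items():
        suffix = covering_suffix(host)
        if suffix:
            covered[host] = suffix
        else:
            review[host] = count
    return covered, review
```

Hosts in the review set are the ones to check against other sites before blocking, since shared CDN hosts end up there.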

What Actually Works: DNS Blocking via Cloudflare Zero Trust

After testing everything from HTTP filters to app-based blocking (which does nothing useful for the browser version), I landed on the one reliable solution: DNS policy enforcement.

Step-by-Step: How I Did It

This is how to set it up (at time of writing) in Cloudflare Zero Trust:

  • Navigate to Gateway → Policies → DNS
  • Policy name: Block TikTok
  • Action: Block
  • Traffic expression (the (?i) modifier makes the match case-insensitive):

any(dns.domains[*] matches "(?i).*\.tiktok\.com" or
    dns.domains[*] matches "(?i).*\.tiktokcdn\.com" or
    dns.domains[*] matches "(?i).*\.tiktokv\.com" or
    dns.domains[*] matches "(?i).*\.tiktokd\.com" or
    dns.domains[*] matches "(?i).*\.byteoversea\.com" or
    dns.domains[*] matches "(?i).*\.ibytedtos\.com" or
    dns.domains[*] matches "(?i).*\.muscdn\.com" or
    dns.domains[*] matches "(?i).*\.pstatp\.com" or
    dns.domains[*] matches "(?i).*\.amemv\.com" or
    dns.domains[*] matches "(?i).*\.snssdk\.com")

  • Scope it to users, device groups, or IP ranges.
  • Ensure WARP clients are configured to enforce DNS via Cloudflare.
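Before saving the policy, it helps to check offline what the ten patterns above actually match. This is an added example, not part of the original post: it uses Python's re.search as a stand-in for Gateway's regex engine (an assumption), and the anchored variants and the sample hostnames are constructed for illustration.

```python
import re

# The ten patterns exactly as they appear in the page's traffic expression.
PAGE_PATTERNS = [
    r"(?i).*\.tiktok\.com", r"(?i).*\.tiktokcdn\.com",
    r"(?i).*\.tiktokv\.com", r"(?i).*\.tiktokd\.com",
    r"(?i).*\.byteoversea\.com", r"(?i).*\.ibytedtos\.com",
    r"(?i).*\.muscdn\.com", r"(?i).*\.pstatp\.com",
    r"(?i).*\.amemv\.com", r"(?i).*\.snssdk\.com",
]

def anchor(pattern):
    """Hypothetical tightening: optional subdomain prefix, anchored at both ends."""
    prefix = r"(?i).*\."
    if not pattern.startswith(prefix):
        raise ValueError("unexpected pattern shape: " + pattern)
    return r"(?i)^(.*\.)?" + pattern[len(prefix):] + "$"

ANCHORED_PATTERNS = [anchor(p) for p in PAGE_PATTERNS]

def blocked(host, patterns):
    """True if any pattern is found anywhere in host (unanchored search)."""
    return any(re.search(p, host) for p in patterns)

# Constructed hostnames covering the normal case and the edge cases.
SAMPLES = [
    "www.tiktok.com",                # ordinary subdomain
    "API.TikTokV.com",               # mixed case, handled by (?i)
    "tiktok.com",                    # bare domain, no leading dot
    "cdn.tiktok.community",          # unrelated TLD sharing the ".com" prefix
    "login.tiktok.com.example.net",  # blocked name used as a subdomain label
    "example.org",                   # unrelated
]

def audit(hosts=SAMPLES):
    """Return {host: (page_pattern_result, anchored_pattern_result)}."""
    return {h: (blocked(h, PAGE_PATTERNS), blocked(h, ANCHORED_PATTERNS))
            for h in hosts}

if __name__ == "__main__":
    for host, (page, tight) in audit().items():
        print(f"{host:30} page={page!s:5} anchored={tight}")
```

Under these assumptions the unanchored patterns miss the bare domain and match unrelated names that merely contain a blocked string, which is the over-blocking risk in regex form.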

Test It

  • Try visiting https://www.tiktok.com in a browser.
  • Open the TikTok mobile app on a device using WARP.

    This was the blocked traffic chart on the TikTok testing day:

    The websites that got "blocked" went crazy while I was getting this working:

You should see:

  • NXDOMAIN errors for blocked domains
  • A complete failure to load videos or timelines
  • Breakage in app functionality

Domain List to Block (Copy/Paste Friendly)

*.tiktok.com
*.tiktokcdn.com
*.tiktokv.com
*.tiktokd.com
*.byteoversea.com
*.ibytedtos.com
*.muscdn.com
*.pstatp.com
*.snssdk.com
*.amemv.com

You can paste these into the UI as wildcards or use them in regex-matching expressions like above.

⚠️ Don't Over-Block

While using browser DevTools or DNS logs to discover new domains can help you expand your block list, be cautious. Some of TikTok’s infrastructure is shared with other platforms. For example:

  • *.pstatp.com is used by other ByteDance products
  • *.muscdn.com might also serve content for other apps

Blocking these domains too broadly could impact unrelated services or break app rendering.

Conclusion

Blocking TikTok is not a one-line fix — especially when more and more services rely on fragmented, CDN-distributed infrastructure. But with Cloudflare Zero Trust and a well-tuned DNS policy, it’s possible to cut TikTok off completely.

It took some testing, DevTools digging, and reading DNS logs — but it worked.
