File size: 6,019 Bytes
a777eba |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 |
//=========================================================================
// DOMAINFLAGS.TXT
//
// This file allows control of how DG Web Inspection Proxy
// handles HTTP and HTTPS requests made to specific web servers
//
// Current Domain Flags Definition
// (Version 9.3.0)
//
//
// Control Flag Name Parameter
// ------------------------ ---------
// SKIP INSPECTION SK
// SKIP INSPECTION if TLS TLSK
// USE BROWSER CACHING (default) CACHE
// DISABLE BROWSER CACHING NCACHE
// SKIP HTTPS SITES WHEN ACCESSED BY SAFARI TLSK_SAFARI
// SKIP HTTPS SITES WHEN ACCESSED BY CHROME TLSK_CHROME
// SKIP HTTPS SITES WHEN ACCESSED BY FIREFOX TLSK_FIREFOX
// SKIP HTTP TRAFFIC AT THE TCP LEVEL HTTP_TCPSK
// SKIP THE UPSTREAM PROXY (EXPLICIT PROXY MODE ONLY) SK_PROXY
// USE HTTP1.1 ONLY (AVOID HTTP2.0) HTTP1_1_ONLY
//
// NOTES:
// CACHE is useful to enable caching on a specific site if caching is disabled globally.
// (If caching is not disabled globally, CACHE has no effect, so can be used
// to create a domain flag entry that stops other entries from being applied.)
// If NCACHE and CACHE are both specified on the same line, NCACHE takes precedence.
// If SK or TLSK is specified all other processing is skipped, including CACHE and NCACHE.
// Add entries to the domain flags file in order of precedence.
// IP Address entries and Domain entries are treated separately.
// For each request the flags from the first matching IP address entry,
// amd the first matching domain entry are combined and applied.
//
// You can add a line to this file for each domain or IP address (range)
// that you need special handling for. Each line can contain either a
// domain entry or an IP subnet entry.
//
// Examples:
// example.com,SK //<-- SKIP inspection of requests to example.com
// example.com:80,SK //<-- SKIP inspection of requests to example.com port 80
// *.example.com,SK //<-- SKIP inspection of requests to immediate subdomains of example.com
// **.example.com,SK //<-- SKIP inspection of requests to all subdomains of example.com
// IPv4 examples
// 10.20.10.1,SK //<-- SKIP inspection of requests to the server at 10.20.10.1
// 10.10.0.0/16,SK //<-- SKIP inspection of requests to the 10.10.0.0/16 network
// 10.20.10.1:80,SK //<-- SKIP inspection of requests to the server at 10.20.10.1 port 80
// 10.20.0.0:80/16,SK //<-- SKIP inspection of requests to the 10.10.0.0/16 network port 80
// IPv6 examples
// [fe80::1c31:6bc2:7f5:675c],SK //<-- SKIP inspection of requests to the server at fe80::1c31:6bc2:7f5:675c
// [fe80::]/64,SK //<-- SKIP inspection of requests to the fe80::/64 network
// [fe80::1c31:6bc2:7f5:675c]:80,SK //<-- SKIP inspection of requests to the server at fe80::1c31:6bc2:7f5:675c port 80
// [fe80::]:80/64,SK //<-- SKIP inspection of requests to the fe80::/64 network port 80
// Domain wildcard syntax is designed to mimic directory glob syntax.
// It is not a full regular expression syntax.
// The following meta-characters are supported:
// • “*” will match any character except “.”
// • “**” will match any character including “.”
// • “?” will match a single character
// • “[]” can be used to specify a character match list. For example [ab] will match a or b but will not match c
// • “[!]” can be used to specify a negative character match list. For example [!ab] will not match a or b but will match c
// • {} can be used to specify comma separated pattern alternatives. For example {ab,de} will match ab or de
// Ad networks
secure.adnxs.com,SK
as-*.casalemedia.com,SK
logx.optimizely.com,SK
fastlane.rubiconproject.com,SK
tps*.doubleverify.com,SK
timeinc-*.openx.net,SK
ads.adaptv.advertising.com,SK
// Microsoft website for AD FS
login.microsoftonline.com,SK
// Single Sign On sites
sso.teamviewer.com,SK
idp.blackberry.com,SK
pki.entitlement.siemens.com,SK
// Apple websites with certificate checks on Safari Browser
safari-extensions.apple.com,TLSK_SAFARI
icloud.com,TLSK_SAFARI
setup.icloud.com,TLSK_SAFARI
edge.icloud.com,TLSK_SAFARI
*pushws.icloud.com,TLSK_SAFARI
*contactsws.icloud.com,TLSK_SAFARI
feedbackws.icloud.com,TLSK_SAFARI
*keyvalueservice.icloud.com,TLSK_SAFARI
idmsa.apple.com,TLSK_SAFARI
**.apple.com,TLSK_SAFARI
// Salesforce caches the case files. NCACHE is needed to override caching
// if you want to log/block NTDs.
**.force.com,NCACHE
// dropbox (and others) use cache-control headers for downloaded contents. NCACHE is needed
// to override caching if you wan to log/block NTDs.
**.dl.dropboxusercontent.com,NCACHE
web.opendrive.com,NCACHE
mail-attachment.googleusercontent.com,NCACHE
// DLPTEST caches files. NCACHE is needed to override caching for logging/blocking NTDs.
dlptest.com,NCACHE
// chrome remote desktop
instantmessaging-pa.clients6.google.com,TLSK_CHROME
// Microsoft AIP / MIP (pinned certificates / tls renegotiation)
**.aadrm.com,SK
**.protection.outlook.com,SK
// Microsoft Edge sync service
edge-enterprise.activity.windows.com,SK
edge.microsoft.com,SK
// Microsoft Teams presence
**presence.teams.microsoft.com,SK
// Microsoft telemetry (teams, browser, mobile, etc)
**.events.data.microsoft.com,SK
**.events.data.msn.com,SK
*-telemetry.officeapps.live.com,SK
// Firefox telemetry
incoming.telemetry.mozilla.org,SK
// Push Notifications are often implemented by FCM.
// Fixes the case when push notifications do not appear
mtalk.google.com,SK
// SA-38414, Online commerce
cc.zdtc.app,SK
// Microsoft Teams audio connections
**.relay.teams.microsoft.com,SK
|