allow wildcards/regex/CIDR notation for whitelist #8
Comments
Is this just for domains/IPs? Because it would be good if you could specify permitted URL destinations as a regex, e.g. you could whitelist the destination http://www.mywebsite.org/public/ to only allow cross-domain access to files within that directory.
Just an observation that using both regex and CIDR in the same policy may be useful, e.g.: Note that the first slash after the IP address would be CIDR representation of the host and not the root folder...
Regular expression capturing parentheses and backreferences could be a way to implement a feature I wish RequestPolicy had -- automatic whitelisting of hosts in the same subdomain. If I visit Regular expressions can help me accomplish what I'm after. If there were some way of saying: `Allow requests from ^.+.(...)$ to ^\1$` for all sites, that could help me get what I'm after.
So what about this feature? Any plans of doing something like that? The problem is now showing itself rather often because of a major CDN service, CloudFront, which uses a whole bunch of ***.cloudfront.net domain names. Since most of the time it's the static content that's being hosted there, you will most likely allow the CloudFront domains, but since there are so many of them, you can hardly add them all to the whitelist manually. So at least something simple like *.cloudfront.net would be really useful. I think that instead of waiting for the longest time trying to find enough resources to code all the text processing tools into the URL parser, at least *.domain.name support could be implemented, at least for the time being. It's easier, and it's already something that will cover half of all use cases.
This feature is already implemented in the version 1.x beta.
issue #339
There is a need to make available wildcard whitelisting, especially for users who have enabled stricter classification policies (e.g. full domain).
This will probably include both the ability to use just a * for a wildcard or use regex if preferred. Care must be taken to avoid users attempting to whitelist items such as 12.34.56.* and losing security as a result of whitelisting more than IP addresses. Allowing/requiring CIDR notation for this would help (at least, it would help the more advanced users -- the average user should at least be prevented from shooting themselves in the foot, though).
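The wildcard pitfall described above and the `*.cloudfront.net` request from the comments, as an added example that is not part of the original issue and not RequestPolicy's code: a naive glob lets `12.34.56.*` match hostnames, while a CIDR rule matches only IPv4 literals inside the range. The function names and the rule syntax are hypothetical, and the destinations are constructed samples.

```javascript
// Added example; function names and rule syntax are hypothetical.
// Naive glob: "*" becomes ".*", so it can span dots and match hostnames.
function naiveGlobMatch(pattern, host) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$", "i").test(host);
}

// Parse a dotted-quad IPv4 literal to an unsigned 32-bit number, else null.
function parseIPv4(s) {
  const parts = s.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Returns true or false for a match; throws on rules that should be refused.
function matchRule(rule, host) {
  rule = rule.toLowerCase();
  host = host.toLowerCase();
  const cidr = rule.match(/^(\d+\.\d+\.\d+\.\d+)\/(\d{1,2})$/);
  if (cidr) {
    const base = parseIPv4(cidr[1]);
    const bits = Number(cidr[2]);
    if (base === null || bits > 32) throw new Error("bad CIDR rule: " + rule);
    const addr = parseIPv4(host);
    if (addr === null) return false; // a CIDR rule never matches a hostname
    const size = 2 ** (32 - bits);   // number of addresses in the block
    return Math.floor(addr / size) === Math.floor(base / size);
  }
  if (rule.includes("*")) {
    const suffix = rule.slice(2);
    // Only "*.domain.name" is accepted; "12.34.56.*" must be written as CIDR.
    if (!rule.startsWith("*.") || suffix.includes("*") || suffix === "") {
      throw new Error("unsupported wildcard, use *.domain or CIDR: " + rule);
    }
    return host.endsWith("." + suffix); // match on a label boundary only
  }
  return host === rule;
}

// Constructed sample destinations.
console.log(naiveGlobMatch("12.34.56.*", "12.34.56.other.example")); // true
console.log(matchRule("12.34.56.0/24", "12.34.56.other.example"));   // false
console.log(matchRule("*.cloudfront.net", "d111.cloudfront.net"));    // true
```

Refusing `12.34.56.*` outright, rather than silently converting it, is one way to keep the average user from whitelisting more than intended.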