Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow wildcards/regex/CIDR notation for whitelist #8

Open
jsamuel opened this issue Dec 22, 2011 · 6 comments
Open

allow wildcards/regex/CIDR notation for whitelist #8

jsamuel opened this issue Dec 22, 2011 · 6 comments
Labels
feature request

Comments

@jsamuel
Copy link
Member

jsamuel commented Dec 22, 2011 

imported trac ticket
created: 2009-06-21 17:11:28
reporter: justin

There is a need to make available wildcard whitelisting, especially for users who have enabled stricter classification policies (e.g. full domain).

This will probably include both the ability to use just a * for a wildcard or use regex if preferred. Care must be taken to avoid users attempting to whitelist items such as 12.34.56.* and losing security as a result of whitelisting more than ip addresses. Allowing/requiring CIDR notation for this would help (at least, it would help the more advanced users -- the average user should at least be prevented from shooting themselves in the foot, though).
@jsamuel
Copy link
Member Author

jsamuel commented Dec 22, 2011 

imported trac comment
created: 2010-11-04 18:13:22
author: tnes

Is this just for domains/IPs? Because it would be good if you would specify as a regex permitted URL destinations. e.g. you could whitelist the destination http://www.mywebsite.org/public/ to only allow cross domain access to files within that directory.

@jsamuel
Copy link
Member Author

jsamuel commented Dec 22, 2011 

imported trac comment
created: 2011-02-16 10:56:06
author: eibwen

Just an observation that using both regex and CIDR in the same policy may be useful, eg:
'''(https?|s?ftp)'''{{{://}}}'''127.0.0.0/8'''{{{/root_folder_is_really_here}}}

Note that the first slash after the ip address would be CIDR representation of the host and not the root folder...

@jsamuel
Copy link
Member Author

jsamuel commented Dec 22, 2011 

imported trac comment
created: 2011-08-03 20:45:55
author: jbn

Regular expression capturing parentheses and backreferences could be a way to implement a feature I wish !RequestPolicy had -- automatic whitelisting of hosts in the same subdomain.

If I visit www.foo.com which hosts images on images.foo.com, and videos on video.foo.com, I want to allow www.foo.com to load stuff from the other *.foo.com sites so I can see the entire webpage. I figure that I apparently already trust foo.com's admins to know that I'm visiting the page, so letting those admins see that I'm also fetching page-related content should be okay. I would want to do this so often that I would want this to be a default setting for myself.

Regular expressions can help me accomplish what I'm after. If there were some way of saying:{{{ Allow requests from ^.+.(...)$ to ^\1$}}}\for all sites, that could help me get what I'm after.

This was referenced Dec 22, 2011
Open
Closed
Open
Open
Open
Open
Open
Open
Closed
Open
Open
@RasmusMalver RasmusMalver mentioned this issue Jul 18, 2013
Open
@Semisonic
Copy link

So what about this feature? Any plans of doing something like that?

The problem is now showing itself rather often because of a major CDN service CloudFront which uses a whole bunch of ***.cloudfront.net domain names. Since most of the time it's the static content that's being hosted there, you will most likely allow the CloudFront domains, but since there are so many of them, you can hardly add them all to the whitelist manually. So at least something simple like *.cloudfront.net would be really useful.

I think that instead of waiting for the longest time trying to find enough resources to code all the text processing tools into the URL parser, at least a *.domain.name support could be implemented, at least for the time being. It's easier, and it's already something that will cover a half of all use-cases.

@Ranger2000
Copy link

This Feature is already implemented in the Version 1.x Beta.
https://www.requestpolicy.com/1.0.html

@drzraf
Copy link

drzraf commented Jan 16, 2014

issue #339
is about choosing a file-format to move away from prefs.js

@msxfm msxfm mentioned this issue Jul 7, 2014
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@drzraf @jsamuel @Ranger2000 @Semisonic