| //========================================================================= | |
| // DOMAINFLAGS.TXT | |
| // | |
| // This file allows control of how DG Web Inspection Proxy | |
| // handles HTTP and HTTPS requests made to specific web servers | |
| // | |
| // Current Domain Flags Definition | |
| // (Version 9.3.0) | |
| // | |
| // | |
| // Control Flag Name Parameter | |
| // ------------------------ --------- | |
| // SKIP INSPECTION SK | |
| // SKIP INSPECTION if TLS TLSK | |
| // USE BROWSER CACHING (default) CACHE | |
| // DISABLE BROWSER CACHING NCACHE | |
| // SKIP HTTPS SITES WHEN ACCESSED BY SAFARI TLSK_SAFARI | |
| // SKIP HTTPS SITES WHEN ACCESSED BY CHROME TLSK_CHROME | |
| // SKIP HTTPS SITES WHEN ACCESSED BY FIREFOX TLSK_FIREFOX | |
| // SKIP HTTP TRAFFIC AT THE TCP LEVEL HTTP_TCPSK | |
| // SKIP THE UPSTREAM PROXY (EXPLICIT PROXY MODE ONLY) SK_PROXY | |
| // USE HTTP1.1 ONLY (AVOID HTTP2.0) HTTP1_1_ONLY | |
| // | |
| // NOTES: | |
| // CACHE is useful to enable caching on a specific site if caching is disabled globally. | |
| // (If caching is not disabled globally, CACHE has no effect, so can be used | |
| // to create a domain flag entry that stops other entries from being applied.) | |
| // If NCACHE and CACHE are both specified on the same line, NCACHE takes precedence. | |
| // If SK or TLSK is specified all other processing is skipped, including CACHE and NCACHE. | |
| // Add entries to the domain flags file in order of precedence. | |
| // IP Address entries and Domain entries are treated separately. | |
| // For each request the flags from the first matching IP address entry, | |
| // amd the first matching domain entry are combined and applied. | |
| // | |
| // You can add a line to this file for each domain or IP address (range) | |
| // that you need special handling for. Each line can contain either a | |
| // domain entry or an IP subnet entry. | |
| // | |
| // Examples: | |
| // example.com,SK //<-- SKIP inspection of requests to example.com | |
| // example.com:80,SK //<-- SKIP inspection of requests to example.com port 80 | |
| // *.example.com,SK //<-- SKIP inspection of requests to immediate subdomains of example.com | |
| // **.example.com,SK //<-- SKIP inspection of requests to all subdomains of example.com | |
| // IPv4 examples | |
| // 10.20.10.1,SK //<-- SKIP inspection of requests to the server at 10.20.10.1 | |
| // 10.10.0.0/16,SK //<-- SKIP inspection of requests to the 10.10.0.0/16 network | |
| // 10.20.10.1:80,SK //<-- SKIP inspection of requests to the server at 10.20.10.1 port 80 | |
| // 10.20.0.0:80/16,SK //<-- SKIP inspection of requests to the 10.10.0.0/16 network port 80 | |
| // IPv6 examples | |
| // [fe80::1c31:6bc2:7f5:675c],SK //<-- SKIP inspection of requests to the server at fe80::1c31:6bc2:7f5:675c | |
| // [fe80::]/64,SK //<-- SKIP inspection of requests to the fe80::/64 network | |
| // [fe80::1c31:6bc2:7f5:675c]:80,SK //<-- SKIP inspection of requests to the server at fe80::1c31:6bc2:7f5:675c port 80 | |
| // [fe80::]:80/64,SK //<-- SKIP inspection of requests to the fe80::/64 network port 80 | |
| // Domain wildcard syntax is designed to mimic directory glob syntax. | |
| // It is not a full regular expression syntax. | |
| // The following meta-characters are supported: | |
| // β’ β*β will match any character except β.β | |
| // β’ β**β will match any character including β.β | |
| // β’ β?β will match a single character | |
| // β’ β[]β can be used to specify a character match list. For example [ab] will match a or b but will not match c | |
| // β’ β[!]β can be used to specify a negative character match list. For example [!ab] will not match a or b but will match c | |
| // β’ {} can be used to specify comma separated pattern alternatives. For example {ab,de} will match ab or de | |
| // Ad networks | |
| secure.adnxs.com,SK | |
| as-*.casalemedia.com,SK | |
| logx.optimizely.com,SK | |
| fastlane.rubiconproject.com,SK | |
| tps*.doubleverify.com,SK | |
| timeinc-*.openx.net,SK | |
| ads.adaptv.advertising.com,SK | |
| // Microsoft website for AD FS | |
| login.microsoftonline.com,SK | |
| // Single Sign On sites | |
| sso.teamviewer.com,SK | |
| idp.blackberry.com,SK | |
| pki.entitlement.siemens.com,SK | |
| // Apple websites with certificate checks on Safari Browser | |
| safari-extensions.apple.com,TLSK_SAFARI | |
| icloud.com,TLSK_SAFARI | |
| setup.icloud.com,TLSK_SAFARI | |
| edge.icloud.com,TLSK_SAFARI | |
| *pushws.icloud.com,TLSK_SAFARI | |
| *contactsws.icloud.com,TLSK_SAFARI | |
| feedbackws.icloud.com,TLSK_SAFARI | |
| *keyvalueservice.icloud.com,TLSK_SAFARI | |
| idmsa.apple.com,TLSK_SAFARI | |
| **.apple.com,TLSK_SAFARI | |
| // Salesforce caches the case files. NCACHE is needed to override caching | |
| // if you want to log/block NTDs. | |
| **.force.com,NCACHE | |
| // dropbox (and others) use cache-control headers for downloaded contents. NCACHE is needed | |
| // to override caching if you wan to log/block NTDs. | |
| **.dl.dropboxusercontent.com,NCACHE | |
| web.opendrive.com,NCACHE | |
| mail-attachment.googleusercontent.com,NCACHE | |
| // DLPTEST caches files. NCACHE is needed to override caching for logging/blocking NTDs. | |
| dlptest.com,NCACHE | |
| // chrome remote desktop | |
| instantmessaging-pa.clients6.google.com,TLSK_CHROME | |
| // Microsoft AIP / MIP (pinned certificates / tls renegotiation) | |
| **.aadrm.com,SK | |
| **.protection.outlook.com,SK | |
| // Microsoft Edge sync service | |
| edge-enterprise.activity.windows.com,SK | |
| edge.microsoft.com,SK | |
| // Microsoft Teams presence | |
| **presence.teams.microsoft.com,SK | |
| // Microsoft telemetry (teams, browser, mobile, etc) | |
| **.events.data.microsoft.com,SK | |
| **.events.data.msn.com,SK | |
| *-telemetry.officeapps.live.com,SK | |
| // Firefox telemetry | |
| incoming.telemetry.mozilla.org,SK | |
| // Push Notifications are often implemented by FCM. | |
| // Fixes the case when push notifications do not appear | |
| mtalk.google.com,SK | |
| // SA-38414, Online commerce | |
| cc.zdtc.app,SK | |
| // Microsoft Teams audio connections | |
| **.relay.teams.microsoft.com,SK | |