Upload domainflags.txt

domainflags.txt

@@ -0,0 +1,134 @@
+//=========================================================================
+// DOMAINFLAGS.TXT
+//
+// This file allows control of how DG Web Inspection Proxy
+// handles HTTP and HTTPS requests made to specific web servers
+//
+// Current Domain Flags Definition
+// (Version 9.3.0)
+//
+//
+//  Control Flag Name                                    Parameter
+//  ------------------------                             ---------
+//  SKIP INSPECTION                                      SK
+//  SKIP INSPECTION if TLS                               TLSK
+//  USE BROWSER CACHING (default)                        CACHE
+//  DISABLE BROWSER CACHING                              NCACHE
+//  SKIP HTTPS SITES WHEN ACCESSED BY SAFARI             TLSK_SAFARI
+//  SKIP HTTPS SITES WHEN ACCESSED BY CHROME             TLSK_CHROME
+//  SKIP HTTPS SITES WHEN ACCESSED BY FIREFOX            TLSK_FIREFOX
+//  SKIP HTTP TRAFFIC AT THE TCP LEVEL                   HTTP_TCPSK
+//  SKIP THE UPSTREAM PROXY (EXPLICIT PROXY MODE ONLY)   SK_PROXY
+//  USE HTTP1.1 ONLY (AVOID HTTP2.0)                     HTTP1_1_ONLY
+//
+//  NOTES:
+//     CACHE is useful to enable caching on a specific site if caching is disabled globally.
+//     (If caching is not disabled globally, CACHE has no effect, so can be used
+//        to create a domain flag entry that stops other entries from being applied.)
+//     If NCACHE and CACHE are both specified on the same line, NCACHE takes precedence.
+//     If SK or TLSK is specified all other processing is skipped, including CACHE and NCACHE.
+//     Add entries to the domain flags file in order of precedence.
+//     IP Address entries and Domain entries are treated separately.
+//     For each request the flags from the first matching IP address entry,
+//        amd the first matching domain entry are combined and applied.
+//
+// You can add a line to this file for each domain or IP address (range)
+// that you need special handling for.  Each line can contain either a
+// domain entry or an IP subnet entry.
+//
+// Examples:
+
+//  example.com,SK     //<-- SKIP inspection of requests to example.com
+//  example.com:80,SK  //<-- SKIP inspection of requests to example.com port 80
+//  *.example.com,SK   //<-- SKIP inspection of requests to immediate subdomains of example.com
+//  **.example.com,SK  //<-- SKIP inspection of requests to all subdomains of example.com
+// IPv4 examples
+//  10.20.10.1,SK      //<-- SKIP inspection of requests to the server at 10.20.10.1
+//  10.10.0.0/16,SK    //<-- SKIP inspection of requests to the 10.10.0.0/16 network
+//  10.20.10.1:80,SK   //<-- SKIP inspection of requests to the server at 10.20.10.1 port 80
+//  10.20.0.0:80/16,SK //<-- SKIP inspection of requests to the 10.10.0.0/16 network port 80
+// IPv6 examples
+//  [fe80::1c31:6bc2:7f5:675c],SK    //<-- SKIP inspection of requests to the server at fe80::1c31:6bc2:7f5:675c
+//  [fe80::]/64,SK                   //<-- SKIP inspection of requests to the fe80::/64 network
+//  [fe80::1c31:6bc2:7f5:675c]:80,SK //<-- SKIP inspection of requests to the server at fe80::1c31:6bc2:7f5:675c port 80
+//  [fe80::]:80/64,SK                //<-- SKIP inspection of requests to the fe80::/64 network port 80
+
+
+// Domain wildcard syntax is designed to mimic directory glob syntax.
+// It is not a full regular expression syntax.
+// The following meta-characters are supported:
+//  •	“*” will match any character except “.”
+//  •	“**” will match any character including “.”
+//  •	“?” will match a single character
+//  •	“[]” can be used to specify a character match list. For example [ab] will match a or b but will not match c
+//  •	“[!]”  can be used to specify a negative character match list. For example [!ab] will not match a or b but will match c
+//  •	{} can be used to specify comma separated pattern alternatives. For example {ab,de} will match ab or de
+
+
+// Ad networks
+secure.adnxs.com,SK
+as-*.casalemedia.com,SK
+logx.optimizely.com,SK
+fastlane.rubiconproject.com,SK
+tps*.doubleverify.com,SK
+timeinc-*.openx.net,SK
+ads.adaptv.advertising.com,SK
+
+// Microsoft website for AD FS
+login.microsoftonline.com,SK
+// Single Sign On sites
+sso.teamviewer.com,SK
+idp.blackberry.com,SK
+pki.entitlement.siemens.com,SK
+
+// Apple websites with certificate checks on Safari Browser
+safari-extensions.apple.com,TLSK_SAFARI
+icloud.com,TLSK_SAFARI
+setup.icloud.com,TLSK_SAFARI
+edge.icloud.com,TLSK_SAFARI
+*pushws.icloud.com,TLSK_SAFARI
+*contactsws.icloud.com,TLSK_SAFARI
+feedbackws.icloud.com,TLSK_SAFARI
+*keyvalueservice.icloud.com,TLSK_SAFARI
+idmsa.apple.com,TLSK_SAFARI
+**.apple.com,TLSK_SAFARI
+
+// Salesforce caches the case files. NCACHE is needed to override caching
+// if you want to log/block NTDs.
+**.force.com,NCACHE
+
+// dropbox (and others) use cache-control headers for downloaded contents. NCACHE is needed
+// to override caching if you wan to log/block NTDs.
+**.dl.dropboxusercontent.com,NCACHE
+web.opendrive.com,NCACHE
+mail-attachment.googleusercontent.com,NCACHE
+
+// DLPTEST caches files. NCACHE is needed to override caching for logging/blocking NTDs.
+dlptest.com,NCACHE
+
+// chrome remote desktop
+instantmessaging-pa.clients6.google.com,TLSK_CHROME
+
+// Microsoft AIP / MIP (pinned certificates / tls renegotiation)
+**.aadrm.com,SK
+**.protection.outlook.com,SK
+// Microsoft Edge sync service
+edge-enterprise.activity.windows.com,SK
+edge.microsoft.com,SK
+// Microsoft Teams presence
+**presence.teams.microsoft.com,SK
+// Microsoft telemetry (teams, browser, mobile, etc)
+**.events.data.microsoft.com,SK
+**.events.data.msn.com,SK
+*-telemetry.officeapps.live.com,SK
+// Firefox telemetry
+incoming.telemetry.mozilla.org,SK
+
+// Push Notifications are often implemented by FCM.
+// Fixes the case when push notifications do not appear
+mtalk.google.com,SK
+
+// SA-38414, Online commerce
+cc.zdtc.app,SK
+// Microsoft Teams audio connections
+**.relay.teams.microsoft.com,SK