...
It is interpreted as a regular expression, so roguedomainso roguedomain-not-owned-bymicrosoft.com will also be accepted.
I wanted a regex to allow:
- domain.com
- subdomain.domain.com
- any.number.of.subdomains.domain.com
Some other sites:
- s-microsoft.com as well, as this is used a lot in updates.
- mstfncsi.com is a web site used by the Network Connectivity Status Indicator, Windows' network awareness tool (see http://blog.superuser.com/2011/05/16/windows-7-network-awareness/).
...
- Don't forget that systems might access CRLs or OCSP responders, which are hosted on thawte.com and public-trust.com.
Thus my whitelist look
...
like this:
...
| Code Block |
|---|
^(.*\.|)(s-)?microsoft\.com$ ^(.*\.|)windowsupdate\.com$ ^(.*\.|)microsoftupdate\.com$ ^(.*\.|)secunia\.com$ ^(.*\.|)vmware\.com$ ^(.*\.|)msftncsi\.com$ ^(.*\.|)public-trust\.com$ ^(.*\.|)thawte\.com$ |
The regexes allow:
...
which is what you want.
...
This list is the initial list. By monitoring the log files you can adjust the list. This is an iterative process, it takes a while to establish a list that is 'right'.
Configuring operating systems and software to use the proxy
...