Versions Compared

Old Version 3

changes.mady.by.user Dick Visser

Saved on

compared with

New Version 4

changes.mady.by.user Dick Visser

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
FilterDefaultDeny Yes
Filter "/etc/whitelist"
FilterExtended On

Don't just add domains to the list, because it will be interpreted as regular expressions.

Take care when building the white list. While the following entry might look OK and will work OK at first sight:

microsoft.com

It is interpreted as a regular expression, so roguedomain-not-owned-bymicrosoftSo if you add microsoft.com, the domain roguedomain-microsoft.com will also be accepted.

...

Code Block
^(.*\.|)(s-)?microsoft\.com$
^(.*\.|)windowsupdate\.com$
^(.*\.|)microsoftupdate\.com$
^(.*\.|)secunia\.com$
^(.*\.|)vmware\.com$
^(.*\.|)msftncsi\.com$
^(.*\.|)public-trust\.com$
^(.*\.|)thawte\.com$

...

The regexes allow:
  • domain.com
  • sub.domain.com
  • any.number.of.sub.domain.com

which is what you want.
The microsoft one is to allow s-microsoft.com as well, as this is used a lot in updates.
Configuring operating systems and software to use the proxy
...