//========================================================================= // DOMAINFLAGS.TXT // // This file allows control of how DG Web Inspection Proxy // handles HTTP and HTTPS requests made to specific web servers // // Current Domain Flags Definition // (Version 9.3.0) // // // Control Flag Name Parameter // ------------------------ --------- // SKIP INSPECTION SK // SKIP INSPECTION if TLS TLSK // USE BROWSER CACHING (default) CACHE // DISABLE BROWSER CACHING NCACHE // SKIP HTTPS SITES WHEN ACCESSED BY SAFARI TLSK_SAFARI // SKIP HTTPS SITES WHEN ACCESSED BY CHROME TLSK_CHROME // SKIP HTTPS SITES WHEN ACCESSED BY FIREFOX TLSK_FIREFOX // SKIP HTTP TRAFFIC AT THE TCP LEVEL HTTP_TCPSK // SKIP THE UPSTREAM PROXY (EXPLICIT PROXY MODE ONLY) SK_PROXY // USE HTTP1.1 ONLY (AVOID HTTP2.0) HTTP1_1_ONLY // // NOTES: // CACHE is useful to enable caching on a specific site if caching is disabled globally. // (If caching is not disabled globally, CACHE has no effect, so can be used // to create a domain flag entry that stops other entries from being applied.) // If NCACHE and CACHE are both specified on the same line, NCACHE takes precedence. // If SK or TLSK is specified all other processing is skipped, including CACHE and NCACHE. // Add entries to the domain flags file in order of precedence. // IP Address entries and Domain entries are treated separately. // For each request the flags from the first matching IP address entry, // amd the first matching domain entry are combined and applied. // // You can add a line to this file for each domain or IP address (range) // that you need special handling for. Each line can contain either a // domain entry or an IP subnet entry. // // Examples: // example.com,SK //<-- SKIP inspection of requests to example.com // example.com:80,SK //<-- SKIP inspection of requests to example.com port 80 // *.example.com,SK //<-- SKIP inspection of requests to immediate subdomains of example.com // **.example.com,SK //<-- SKIP inspection of requests to all subdomains of example.com // IPv4 examples // 10.20.10.1,SK //<-- SKIP inspection of requests to the server at 10.20.10.1 // 10.10.0.0/16,SK //<-- SKIP inspection of requests to the 10.10.0.0/16 network // 10.20.10.1:80,SK //<-- SKIP inspection of requests to the server at 10.20.10.1 port 80 // 10.20.0.0:80/16,SK //<-- SKIP inspection of requests to the 10.10.0.0/16 network port 80 // IPv6 examples // [fe80::1c31:6bc2:7f5:675c],SK //<-- SKIP inspection of requests to the server at fe80::1c31:6bc2:7f5:675c // [fe80::]/64,SK //<-- SKIP inspection of requests to the fe80::/64 network // [fe80::1c31:6bc2:7f5:675c]:80,SK //<-- SKIP inspection of requests to the server at fe80::1c31:6bc2:7f5:675c port 80 // [fe80::]:80/64,SK //<-- SKIP inspection of requests to the fe80::/64 network port 80 // Domain wildcard syntax is designed to mimic directory glob syntax. // It is not a full regular expression syntax. // The following meta-characters are supported: // • “*” will match any character except “.” // • “**” will match any character including “.” // • “?” will match a single character // • “[]” can be used to specify a character match list. For example [ab] will match a or b but will not match c // • “[!]” can be used to specify a negative character match list. For example [!ab] will not match a or b but will match c // • {} can be used to specify comma separated pattern alternatives. For example {ab,de} will match ab or de // Ad networks secure.adnxs.com,SK as-*.casalemedia.com,SK logx.optimizely.com,SK fastlane.rubiconproject.com,SK tps*.doubleverify.com,SK timeinc-*.openx.net,SK ads.adaptv.advertising.com,SK // Microsoft website for AD FS login.microsoftonline.com,SK // Single Sign On sites sso.teamviewer.com,SK idp.blackberry.com,SK pki.entitlement.siemens.com,SK // Apple websites with certificate checks on Safari Browser safari-extensions.apple.com,TLSK_SAFARI icloud.com,TLSK_SAFARI setup.icloud.com,TLSK_SAFARI edge.icloud.com,TLSK_SAFARI *pushws.icloud.com,TLSK_SAFARI *contactsws.icloud.com,TLSK_SAFARI feedbackws.icloud.com,TLSK_SAFARI *keyvalueservice.icloud.com,TLSK_SAFARI idmsa.apple.com,TLSK_SAFARI **.apple.com,TLSK_SAFARI // Salesforce caches the case files. NCACHE is needed to override caching // if you want to log/block NTDs. **.force.com,NCACHE // dropbox (and others) use cache-control headers for downloaded contents. NCACHE is needed // to override caching if you wan to log/block NTDs. **.dl.dropboxusercontent.com,NCACHE web.opendrive.com,NCACHE mail-attachment.googleusercontent.com,NCACHE // DLPTEST caches files. NCACHE is needed to override caching for logging/blocking NTDs. dlptest.com,NCACHE // chrome remote desktop instantmessaging-pa.clients6.google.com,TLSK_CHROME // Microsoft AIP / MIP (pinned certificates / tls renegotiation) **.aadrm.com,SK **.protection.outlook.com,SK // Microsoft Edge sync service edge-enterprise.activity.windows.com,SK edge.microsoft.com,SK // Microsoft Teams presence **presence.teams.microsoft.com,SK // Microsoft telemetry (teams, browser, mobile, etc) **.events.data.microsoft.com,SK **.events.data.msn.com,SK *-telemetry.officeapps.live.com,SK // Firefox telemetry incoming.telemetry.mozilla.org,SK // Push Notifications are often implemented by FCM. // Fixes the case when push notifications do not appear mtalk.google.com,SK // SA-38414, Online commerce cc.zdtc.app,SK // Microsoft Teams audio connections **.relay.teams.microsoft.com,SK