Barre
commented
2 years ago I have tried both *.dropbox.com and just dropbox.com, and in both cases subdomains continue to generate TLS handshake errors in the log. Adding each offending subdomain fixes it.
The wildcard exclusion behavior is not exposed to end users by (current) design for three debatable reasons:
- We use globset which is designed for paths here: https://github.com/Barre/privaxy/blob/main/privaxy/src/server/proxy/exclusions.rs#L9
- If it is useful to exclude
*.example.com, such an exclusion is probably useful to every privaxy user; and should instead be contributed to the project directly. - Excluding
*.example.commay not be what most users would actually want to achieve if something is not working; it is probably more in the lines of "this website don't work properly, let's try this".
I also noticed that the UI says that domains that have handshake failures will be automatically added to the exclusion list, but that doesn't seem to be happening in my case.
Ah, thanks, I will fix this :)
It is a quirk from where it was the case. I then removed this behavior when the project was not yet published as I thought that it would then be trivial for websites to trigger this behavior and get excluded.
dhc02
I've tried both *.dropbox.com and just dropbox.com, and in both cases subdomains continue to generate TLS handshake errors in the log. Adding each offending subdomain fixes it.
I also noticed that the UI says that domains that have handshake failures will be automatically added to the exclusion list, but that doesn't seem to be happening in my case.
Context: MacOS, pre-built binary