nym-zone / block_cloudflare_mitm_fx

Firefox & Tor Browser add-on to block Cloudflare.
https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/
MIT License
22 stars 3 forks source link

[feature suggestion] Wildcards for (sub)domain whitelisting #10

Closed ghost closed 6 years ago

ghost commented 6 years ago

Thanks for the time and dedication put into this, not just limiting to the MitM vector. Been a bit shocking how much stuff is actually being hosted by CF and their CF-Ray headers in play.

Not being able to entirely avoid CF hosted CDNs some whitelisting cannot be helped, but the whitelisting is kind of cumbersome if the domain is split into subdomains, e.g. a.foo.com and b.foo.com As it is currently whitelisting foo.com does not do the trick but instead this extension is checking for each subdomain.

I reckon it would be handy to either being able to whitelist with wildcard, e.g. foo.com and/or RegExp like r:[^\/]\foo.com or r:[^\/]*.foo.com

nym-zone commented 6 years ago

A complete regexp like ^(.).mozilla.(org|net|com)$ will slow down low-end user's PC, so we'll consider adding a ".domain" instead. .domain = domain and .domain.

@whatsusername, good thinking generally. Wildcard globbing seems to be the standard way to approach this.

But what if a user wishes to whitelist *.domain without whitelisting domain? That is logical, as well as being the common usage in every standard; and users expect them to be distinct. A user who wants both can simply whitelist both.

@n8v8R, thanks for the suggestion.

ghost commented 6 years ago

perhaps www.foo.com and foo.com could be treated as the same, else domain whitelisting requires an entry for each