Closed geeknik closed 10 months ago
I'd argue that it makes more sense to block example.com
and *.example.com
as separate entries rather then including all subdomains when blocking the parent domain and vice versa.
Well, wildcard matching was added in 3.1, but didn't make it into 4.1 for some reason. When I try to add *.example.*, nothing is added.
Hey @geeknik,
I was about to say, I believe it is already possible to add *.example.com.
I will look into this. It might broke without me noticiing in some release.
Seems that only the input was not working correctly, thinking '*' can not be a valid character in a domain. Fixed it in https://github.com/ssl/ezXSS/commit/796222c2e2912da5794e9a7a82156e83c4d1f20c
Right now, adding example.com in
v4.1
only blocks request from example.com, not a01.example.com or www.example.com. Adding example.com should block *.example.com unless one or more of the subdomains is in the whitelist.