2 comments

  • vict00r99 2 months ago

    Hey! Really interesting approach

    I’m going to try it in one of my CI pipelines

    Quick question: how granular is the allowlist matching? Is it exact domain only, or do you support wildcards and subdomain patterns?

    • dash14 2 months ago

      Thanks for the interest and great question!

      The allowlist uses nginx's map directive with the `hostnames` parameter, so it supports several matching patterns:

      - Exact domains: `registry.npmjs.org`
      - Prefix wildcards: `*.cloudfront.net` (matches any subdomain)
      - Suffix wildcards: `github.*` (matches github.com, github.io, etc.)
      - Combined wildcards: `.example.com` (shorthand for both `example.com` and `*.example.com`)
      - Regex patterns: `~^.*\.amazonaws\.com$` for full PCRE support

      Full nginx map documentation: https://nginx.org/en/docs/http/ngx_http_map_module.html

      I'll add this to the documentation. Thanks!
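
The matching rules listed in the reply above, modelled in Python as an added example (not code from the project or from nginx). The allowlist entries are constructed from the patterns named in the thread, `match_host` is a hypothetical helper, and the precedence order (exact, longest prefix wildcard, longest suffix wildcard, first regex) is the one given in the linked nginx map documentation.

```python
import re

# Constructed allowlist using the pattern kinds from the reply above;
# list order stands in for the order of entries inside the map block.
ALLOWLIST = [
    "registry.npmjs.org",
    "*.cloudfront.net",
    "github.*",
    ".example.com",
    r"~^.*\.amazonaws\.com$",
]

def match_host(host, patterns=ALLOWLIST):
    """Return the entry that wins for `host`, or None (the map default)."""
    name = host.lower()                      # hash lookups use the lowercased name
    exact, prefix, suffix, regexes = {}, [], [], []
    for p in patterns:
        if p.startswith("~"):                # "~" case-sensitive, "~*" case-insensitive
            nocase = p.startswith("~*")
            body = p[2:] if nocase else p[1:]
            regexes.append((p, re.compile(body, re.IGNORECASE if nocase else 0)))
        elif p.startswith("*."):
            prefix.append((p, p[1:]))        # compare against ".cloudfront.net"
        elif p.endswith(".*"):
            suffix.append((p, p[:-1]))       # compare against "github."
        elif p.startswith("."):              # ".example.com" = exact + "*.example.com"
            exact[p[1:]] = p
            prefix.append((p, p))
        else:
            exact[p] = p
    if name in exact:                        # 1. string without a mask
        return exact[name]
    hits = [(len(t), p) for p, t in prefix if name.endswith(t) and len(name) > len(t)]
    if hits:                                 # 2. longest prefix mask
        return max(hits)[1]
    hits = [(len(h), p) for p, h in suffix if name.startswith(h) and len(name) > len(h)]
    if hits:                                 # 3. longest suffix mask
        return max(hits)[1]
    for p, rx in regexes:                    # 4. first regex in config order
        if rx.search(host):
            return p
    return None                              # 5. default value
```

A suffix wildcard such as `github.*` is not tied to particular TLDs: in this model it also admits `github.co.uk`, so an entry of that form allows every name whose first label is `github`.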