Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

.eu.example.com is a subdomain of .example.com - you should remove .eu.example.com #2218

Open
ra-at-diladele-com opened this issue Apr 5, 2024 · 1 comment
Open

.eu.example.com is a subdomain of .example.com - you should remove .eu.example.com #2218

ra-at-diladele-com opened this issue Apr 5, 2024 · 1 comment
Assignees
@ra-at-diladele-com
Milestone
9.4 Priority 2

Comments

@ra-at-diladele-com
Copy link
Contributor

Admin adds 2 domain names to exclusions - .eu.example.com and .example.com. Most probably these two sites were added at two different points in time or even by two different admins. Then after clicking Save and Restart and also in UI / Squid / General / Verification we have the following warning.

2024/04/04 15:43:02| WARNING: '.eu.example.com' is a subdomain of '.example.com'
2024/04/04 15:43:02| WARNING: You should remove '.eu.example.com' from the ACL named 'authentication_exclude_domainname'

This error comes from Squid. Note that luckily we create domain exclusion acl by sorting domains by length, so in the file the .example.com comes before .eu.example.com - this results into warning and not error from squid. If longer name would precede the shorter one squid would give an error.
@ra-at-diladele-com ra-at-diladele-com added this to the 9.2 Next milestone Apr 5, 2024
@ra-at-diladele-com ra-at-diladele-com self-assigned this Apr 5, 2024
@ra-at-diladele-com
Copy link
Contributor Author

Attempts to design a system to prohibit such entries in the Admin UI failed. Problems:

  • we can prohibit adding a .eu.example.com when .example.com exists in the configuration relatively easily. But what to do if admin has a longer version of the .eu.example.com in the configuration and wants to add shorter one? Then we would need to tell him that the shorter pattern that he wants to add would result into a longer patter already existing not usable. And ideally we need to tell him to better edit the longer pattern in the config by making it shorter. This is very complex in django.

  • also - our exclusions allow admin to have one exclusion with flags - so if flags are different - then having both pattern are correct (for example exclude .example.com from auth but only .eu.example.com from web filtering). So we need to actually check the patterns only per exclusion type. This makes it even more complex.

So decided to postpone this complex problem for now and simply ignore this warning. If this warning is disturbing the admin needs to do what this warning says exactly - i.e. remove .eu.example.com from config if he intends to add just .example.com.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ra-at-diladele-com ra-at-diladele-com

Labels
None yet
Projects
None yet
Milestone
9.4 Priority 2
Development

No branches or pull requests
1 participant
@ra-at-diladele-com