From 1752fac0d844686b20fabc314e540ad47715459b Mon Sep 17 00:00:00 2001 From: Tey Date: Fri, 5 Oct 2018 04:05:18 +0200 Subject: [PATCH] Fixed doc about domain whitelisting --- docs/src/content/howto-ignoredomains.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/docs/src/content/howto-ignoredomains.md b/docs/src/content/howto-ignoredomains.md index b1b148310..902a17bec 100644 --- a/docs/src/content/howto-ignoredomains.md +++ b/docs/src/content/howto-ignoredomains.md @@ -72,8 +72,7 @@ method to do so: >>> mitmproxy --ignore-hosts ^example\.com:443$ {{< /highlight >}} -Here are some other examples for ignore -patterns: +Here are some other examples for ignore patterns: {{< highlight none >}} # Exempt traffic from the iOS App Store (the regex is lax, but usually just works): @@ -84,15 +83,22 @@ patterns: # Ignore example.com, but not its subdomains: --ignore-hosts '^example.com:' -# Ignore everything but example.com and mitmproxy.org: ---ignore-hosts '^(?!example\.com)(?!mitmproxy\.org)' - # Transparent mode: --ignore-hosts 17\.178\.96\.59:443 # IP address range: --ignore-hosts 17\.178\.\d+\.\d+:443 {{< / highlight >}} +This option can also be used to whitelist some domains through negative lookahead expressions. However, ignore patterns are always matched against the IP address of the target before being matched against its domain name. Thus, the pattern must allow any IP addresses using an expression like `^(?![0-9\.]+:)` in order for domains whitelisting to work. Here are examples of such patterns: + +{{< highlight none >}} +# Ignore everything but example.com and mitmproxy.org (not subdomains): +--ignore-hosts '^(?![0-9\.]+:)(?!example\.com:)(?!mitmproxy\.org:)' + +# Ignore everything but example.com and its subdomains: +--ignore-hosts '^(?![0-9\.]+:)(?!([^\.:]+\.)*example\.com:)' +{{< / highlight >}} + **Footnotes** 1. This stems from an limitation of explicit HTTP proxying: A single connection