InformAction Forums

I work at a web development company, and we have over a thousand websites on our development/testing server. These sites are accessed by adding a custom top level domain to the end of the real domain (example.com.foo).

I tried adding "foo" to the whitelist, but this did not work. I searched the documentation, and it looks like I should be able to add the subnet to the whitelist, but "192.168.42" did not work.

What am I doing wrong? I'm using FireFox 4.

I am guessing it would be no problem if "foo" was a domain + valid TLD.

The entire point of having a custom TLD for our intranet server is to be invalid, so we don't stomp on any real domain names.

They are all running on the same IP address, so I should be able to add a whitelist for the IP, according to the documentation. But it's not working for me.

Has anyone else been able to successfully add a whitelist for an IP address? What's the exact process?

abhibeckert wrote:The entire point of having a custom TLD for our intranet server is to be invalid, so we don't stomp on any real domain names.

That might become a problem if you let's say plan on getting a certificate from a public CA trusted by Mozilla (ie. no need to import anything on fresh Firefox installations). Probably not in your case, but in most other cases it's a good idea to have subdomains of real domains "owned on the Internet" for the intranet.

Back to the original problem, allowing/disallowing per IP is AFAIK not possible for the JS restriction stuff that NoScript offers (I guess it wouldn't be even possible in theory without much fiddling since NoScript's implementation sits on top of CAPS).
Now it's a different case with ABE (that's where your belief in the possibility of "allowing IPs" might come from) but then it also serves different goals.

dhouwn wrote:

abhibeckert wrote:The entire point of having a custom TLD for our intranet server is to be invalid, so we don't stomp on any real domain names.

That might become a problem if you let's say plan on getting a certificate from a public CA trusted by Mozilla (ie. no need to import anything on fresh Firefox installations). Probably not in your case, but in most other cases it's a good idea to have subdomains of real domains "owned on the Internet" for the intranet.

This is a private server, behind multiple firewalls. There are only about 10 people with access to it. We just use a self signed cert when we need to test SSL behind the firewall. The point is, since we create new websites daily, to not have to train our non-tech-savvy web designers how to setup DNS. They just create a folder "example.com" in the right place, and go to "example.com.foo".

dhouwn wrote:Back to the original problem, allowing/disallowing per IP is AFAIK not possible for the JS restriction stuff that NoScript offers (I guess it wouldn't be even possible in theory without much fiddling since NoScript's implementation sits on top of CAPS).
Now it's a different case with ABE (that's where your belief in the possibility of "allowing IPs" might come from) but then it also serves different goals.

That's a shame. I guess I'll just have to continue using the "allow scripts globally" feature during business hours, and only enable NoScript when I'm at home.