I have a query regarding how Domain objects handle CNAMEs, following trying to configure specific access for a customer system, which doesn't work when I specify the domains they've told me to allow.
I’ve done some testing in my lab. Please also refer to the screenshot lower down.
A DNS lookup on zadarastorage-install.s3.amazonaws.com returns s3-1-w.amazonaws.com, which in turn returns s3-w.us-east-1.amazonaws.com, which in turn gives an IP address to connect to. The IP address is different every time you refresh.
In my lab I allowed the name zadarastorage-install.s3.amazonaws.com. The page timed out and other traffic was also dropped.
In my lab I then allowed all three names:
- zadarastorage-install.s3.amazonaws.com
- s3-1-w.amazonaws.com
- s3-w.us-east-1.amazonaws.com
The page still timed out.
In my lab I then allowed *.amazonaws.com (i.e. .amazonaws.com with the FQDN box unticked). The page now loads immediately.
I’m not yet sure why it didn’t work when I allowed all of the names shown in the tcpdump. But it seems quite clear that allowing a specific domain name in the rule doesn't automatically allow any CNAMEs it resolves to. I don't want to allow the whole of amazonaws.com.
Does anyone have any thoughts? Am I doing something wrong?
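To see which names in the CNAME chain a given rule set actually covers, here is a small added example (not from the original post or any firewall vendor) that walks the chain from the post over a constructed zone and checks each hop against exact-FQDN or suffix rules. The zone records and the exact/suffix matching model are assumptions for illustration; the real appliance's resolution and matching logic is not described on the page.

```python
# Constructed zone mirroring the chain in the post; the A records are
# documentation addresses (RFC 5737), not real AWS IPs.
ZONE = {
    "zadarastorage-install.s3.amazonaws.com": ("CNAME", "s3-1-w.amazonaws.com"),
    "s3-1-w.amazonaws.com": ("CNAME", "s3-w.us-east-1.amazonaws.com"),
    "s3-w.us-east-1.amazonaws.com": ("A", ["192.0.2.10", "192.0.2.11", "192.0.2.12"]),
}


def resolve_chain(name, zone=ZONE, max_hops=8):
    """Follow CNAMEs from `name`; return (names_in_chain, a_records)."""
    chain = [name]
    for _ in range(max_hops):
        rtype, value = zone.get(name, (None, None))
        if rtype == "CNAME":
            name = value
            chain.append(name)
        elif rtype == "A":
            return chain, list(value)
        else:  # unknown name: chain ends without addresses
            return chain, []
    raise ValueError("CNAME loop or chain longer than max_hops")


def name_allowed(name, rules):
    """rules: iterable of (pattern, fqdn_exact).

    Assumed model: with the FQDN box ticked the name must match exactly;
    unticked, the pattern is treated as a domain suffix (".amazonaws.com").
    """
    for pattern, exact in rules:
        if exact and name == pattern:
            return True
        if not exact and name.endswith(pattern):
            return True
    return False


def uncovered_names(name, rules, zone=ZONE):
    """Names in the CNAME chain of `name` that no rule covers."""
    chain, _ = resolve_chain(name, zone)
    return [n for n in chain if not name_allowed(n, rules)]


if __name__ == "__main__":
    target = "zadarastorage-install.s3.amazonaws.com"
    trials = {
        "single exact name": [(target, True)],
        "all three exact names": [(n, True) for n in resolve_chain(target)[0]],
        "suffix .amazonaws.com": [(".amazonaws.com", False)],
    }
    for label, rules in trials.items():
        print(f"{label}: uncovered = {uncovered_names(target, rules)}")
```

The first trial leaves both CNAME targets uncovered, which matches the post's observation that a single exact name does not carry over to the names it resolves to; the other two leave nothing uncovered at the name level, so the remaining failure with three exact names is not explained by name matching alone.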