You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
229 lines
11 KiB
TOML
229 lines
11 KiB
TOML
#
|
|
# rs-short allowlists / blocklists
|
|
#
|
|
|
|
# ALLOWLISTS
|
|
|
|
# If an input URL or shortcut name matches an expression in an allowlist,
|
|
# no message will ever be printed out in the console about the link, even
|
|
# if verbose_console or verbose_suspicious are true.
|
|
|
|
# An allowlist item is defined the following way:
|
|
# { expr = '<regex>' }
|
|
|
|
|
|
# BLOCKLISTS
|
|
|
|
# On link creation, if the input URL or shortcut name matches an expression
|
|
# in a blocklist, the creation will be prevented and the user will
|
|
# be shown an error message.
|
|
|
|
# A blocklist item is defined the following way:
|
|
# { expr = '<regex>', category = '<category>' }
|
|
|
|
# For the URL blocklist, a third field 'matching' is available:
|
|
# { expr = '<regex>', category = '<category>', matching = '<matching method>' }
|
|
# If the matching method is not specified, it defaults to 'host'.
|
|
|
|
# BLOCKLISTS CATEGORIES
|
|
|
|
# Available values: shortener, freehost, spam
|
|
# When matching, the category determines the user error message.
|
|
# You must choose between the following categories:
|
|
# - shortener: link shorteners
|
|
# - freehost: free web hosting services used for spam
|
|
# - spam: phishing, porn spam, fake websites and everything else
|
|
|
|
# BLOCKLISTS MATCHING METHODS
|
|
|
|
# Available values: full-uri, host, port, authority, path, query
|
|
# Default value if none specified: host
|
|
# If you need to match on multiple URI parts, use full-uri instead.
|
|
# The matching is always case-insensitive.
|
|
# Based on http::Uri struct
|
|
#
|
|
# host port
|
|
# | |
|
|
# |---------| |-|
|
|
# abc://username:password@example.com:123/path/data?key=value&key2=value2#fragid1
|
|
# |-------------------------------||--------| |-------------------|
|
|
# | | |
|
|
# authority path query
|
|
# |-----------------------------------------------------------------------------|
|
|
# |
|
|
# full-uri
|
|
|
|
[names]
|
|
|
|
allowlist = []
|
|
|
|
blocklist = []
|
|
|
|
[urls]
|
|
|
|
allowlist = []
|
|
|
|
blocklist = [
|
|
# Listing common link shorteners
|
|
{ expr = '^bit\.+ly$', category = 'shortener' },
|
|
{ expr = '^bit\.+do$', category = 'shortener' },
|
|
{ expr = '^ow\.+ly$', category = 'shortener' },
|
|
{ expr = '^x\.+co$', category = 'shortener' },
|
|
{ expr = '^rebrand\.+ly$', category = 'shortener' },
|
|
{ expr = '^tinyurl\.+com$', category = 'shortener' },
|
|
{ expr = '^t\.+co$', category = 'shortener' },
|
|
{ expr = '^is\.+gd$', category = 'shortener' },
|
|
{ expr = '^ht\.+ly$', category = 'shortener' },
|
|
{ expr = '^lur\.+us$', category = 'shortener' },
|
|
{ expr = '^dcr\.+lu$', category = 'shortener' },
|
|
{ expr = '^linkvertise\.+', category = 'shortener' },
|
|
{ expr = '^link-to\.+net$', category = 'shortener' },
|
|
{ expr = '^colibris\.+link$', category = 'shortener' },
|
|
{ expr = '^lstu\.+fr$', category = 'shortener' },
|
|
{ expr = '^frama\.+link$', category = 'shortener' },
|
|
{ expr = '^huit\.+re$', category = 'shortener' },
|
|
{ expr = '^ogo\.+gl$', category = 'shortener' },
|
|
{ expr = '^onon\.+in$', category = 'shortener' },
|
|
{ expr = '^tiny\.+ee$', category = 'shortener' },
|
|
{ expr = '^link\.+infini\.+fr$', category = 'shortener' },
|
|
{ expr = '^urlme\.+cc$', category = 'shortener' },
|
|
{ expr = '^cutt\.+ly$', category = 'shortener' },
|
|
{ expr = '^url\.+sae\.+digital$', category = 'shortener' },
|
|
{ expr = '^1pt\.+co$', category = 'shortener' },
|
|
{ expr = '^link\.+bsru\.+ac\.+th$', category = 'shortener' },
|
|
{ expr = '^urlth\.+me$', category = 'shortener' },
|
|
{ expr = '^han\.+gl$', category = 'shortener' },
|
|
{ expr = '^yal\.+su$', category = 'shortener' },
|
|
{ expr = '^appurl\.+io$', category = 'shortener' },
|
|
{ expr = '^bulkurlshortener\.+com$', category = 'shortener' },
|
|
{ expr = '^inx\.+lv$', category = 'shortener' },
|
|
{ expr = '^linkthin\.+tk$', category = 'shortener' },
|
|
{ expr = '^sho\.+pw$', category = 'shortener' },
|
|
{ expr = '^glimpse\.+link$', category = 'shortener' },
|
|
{ expr = '^belink\.+me$', category = 'shortener' },
|
|
{ expr = '^3lo\.+gy$', category = 'shortener' },
|
|
{ expr = '^s\.+id$', category = 'shortener' },
|
|
{ expr = '^ssur\.+cc$', category = 'shortener' },
|
|
{ expr = '^wikiour\.+top$', category = 'shortener' },
|
|
{ expr = '^goo\.+gs$', category = 'shortener' },
|
|
{ expr = '^w-nr\.+com$', category = 'shortener' },
|
|
{ expr = '^c-om\.+be$', category = 'shortener' },
|
|
{ expr = '^t\.+ly$', category = 'shortener' },
|
|
{ expr = '^ric\.+im$', category = 'shortener' },
|
|
{ expr = '^linkcash\.+org$', category = 'shortener' },
|
|
{ expr = '^grabify\.+link$', category = 'shortener' },
|
|
{ expr = '^waa\.+ai$', category = 'shortener' },
|
|
{ expr = '^ouvaton\.+link$', category = 'shortener' },
|
|
{ expr = '^url\.+siick\.+fr$', category = 'shortener' },
|
|
{ expr = '^shorturl\.+at$', category = 'shortener' },
|
|
{ expr = '^nity\.+fr$', category = 'shortener' },
|
|
{ expr = '^goo\.+su$', category = 'shortener' },
|
|
{ expr = '^xs-url\.+fr$', category = 'shortener' },
|
|
{ expr = '^urlz\.+fr$', category = 'shortener' },
|
|
{ expr = '^iplogger\.+org$', category = 'shortener' },
|
|
{ expr = '^iplogger\.+com$', category = 'shortener' },
|
|
{ expr = '^shorturl\.+net$', category = 'shortener' },
|
|
{ expr = '^u\.+to$', category = 'shortener' },
|
|
{ expr = '^4ty\.+me$', category = 'shortener' },
|
|
{ expr = 'clictune\.+com$', category = 'shortener' },
|
|
{ expr = 'mylink1\.+biz$', category = 'shortener' },
|
|
{ expr = '^vu\.+fr$', category = 'shortener' },
|
|
{ expr = '^maglit\.+me$', category = 'shortener' },
|
|
{ expr = '^smll\.+sh$', category = 'shortener' },
|
|
{ expr = '^hm\.+ru$', category = 'shortener' },
|
|
{ expr = '^clicklo\.+live$', category = 'shortener' },
|
|
{ expr = '^link\.+trom\.+tf$', category = 'shortener' },
|
|
{ expr = '\.+xburl\.+com$', category = 'shortener' },
|
|
{ expr = '^lynkb\.+it$', category = 'shortener' },
|
|
{ expr = '^tri\.+rs$', category = 'shortener' },
|
|
# Listing common free hosts, free website template tools used for phishing
|
|
{ expr = '^sites\.+google\.+com$', category = 'freehost' },
|
|
{ expr = '^blogspot\.+com$', category = 'freehost' },
|
|
{ expr = '\.+yolasite\.+com$', category = 'freehost' },
|
|
{ expr = '\.+moonfruit\.+com$', category = 'freehost' },
|
|
{ expr = '\.+wixsite\.+com$', category = 'freehost' },
|
|
{ expr = '\.+firebaseapp\.+com$', category = 'freehost' },
|
|
{ expr = '\.+weebly\.+com$', category = 'freehost' },
|
|
{ expr = '\.+web\.+app$', category = 'freehost' },
|
|
{ expr = '\.+weblium\.+site$', category = 'freehost' },
|
|
{ expr = '\.+t\.+justns\.+ru$', category = 'freehost' },
|
|
{ expr = '\.+tmweb\.+ru$', category = 'freehost' },
|
|
{ expr = '\.+swtest\.+ru$', category = 'freehost' },
|
|
{ expr = '\.+tonohost\.+com$', category = 'freehost' },
|
|
{ expr = '\.+dynadot\.+com$', category = 'freehost' },
|
|
{ expr = '\.+000webhostapp\.+com$', category = 'freehost' },
|
|
{ expr = '\.+xsph\.+ru$', category = 'freehost' },
|
|
{ expr = '\.+serveusers\.+com$', category = 'freehost' },
|
|
{ expr = '\.+blob\.+core\.+windows\.+net$', category = 'freehost' },
|
|
{ expr = '\.+ukit\.+me$', category = 'freehost' },
|
|
{ expr = '\.+contactinbio\.+com$', category = 'freehost' },
|
|
{ expr = '\.+dorik\.+io$', category = 'freehost' },
|
|
{ expr = '\.+mykajabi\.+com$', category = 'freehost' },
|
|
{ expr = '\.+godaddysites\.+com$', category = 'freehost' },
|
|
{ expr = 'fun-hosting\.+fr$', category = 'freehost' },
|
|
{ expr = '\.+weezbe\.+com$', category = 'freehost' },
|
|
{ expr = '\.+mailerpage\.+io$', category = 'freehost' },
|
|
# Listing spam websites, porn category
|
|
{ expr = '^(?:meet|date|get|pretty|)-?(?:lovely|localvip|naughty|onenight|private|horny|piquant|sweet|nice|meet|sexy|hot|lusty)-?(?:girls?|glrls?|sluts?|partners?|lovers?|adults?|playmates?|flings?|ladies|lady|babies|babes?|baby|luvers?)-?(?:finder|here|only|worldwide)\.+com$', category = 'spam' },
|
|
{ expr = '^adultfinderx\.+com$', category = 'spam' },
|
|
{ expr = '^lustyflingz\.+com$', category = 'spam' },
|
|
{ expr = '^hot-kiss-spot\.+com$', category = 'spam' },
|
|
{ expr = '^meetonlyhot\.+com$', category = 'spam' },
|
|
{ expr = '^go-sex\.+com$', category = 'spam' },
|
|
{ expr = '^godatemetoday\.+com$', category = 'spam' },
|
|
{ expr = '^findyourlovemate\.+com$', category = 'spam' },
|
|
{ expr = '^flndluver\.+com$', category = 'spam' },
|
|
{ expr = '^hotglrls\.+net$', category = 'spam' },
|
|
{ expr = '^meet-sexy-', category = 'spam' },
|
|
{ expr = '^sexy-meets\.+com$', category = 'spam' },
|
|
{ expr = '^astonlshingdate\.+net$', category = 'spam' },
|
|
{ expr = 'fabuiousdatlng\.+net$', category = 'spam' },
|
|
{ expr = '^findfavoritedate\.+life$', category = 'spam' },
|
|
{ expr = '^dreamladiesfh\.+com$', category = 'spam' },
|
|
{ expr = 'speciaidating\.+com$', category = 'spam' },
|
|
# Listing spam websites, scam category
|
|
{ expr = '^employednumber\.+com$', category = 'spam' },
|
|
{ expr = '^facepook\.+cf$', category = 'spam' },
|
|
{ expr = '^tcpkev\.+com$', category = 'spam' },
|
|
{ expr = '^tcpkek\.+com$', category = 'spam' },
|
|
{ expr = '^tcptek\.+com$', category = 'spam' },
|
|
{ expr = '^tcpehes\.+com$', category = 'spam' },
|
|
{ expr = '^kapluci\.+com$', category = 'spam' },
|
|
{ expr = '^obr\.+atsugai\.+club$', category = 'spam' },
|
|
{ expr = '^dov\.+dojutsu\.+club$', category = 'spam' },
|
|
{ expr = '^crclrtcco\.+com$', category = 'spam' },
|
|
{ expr = '^alv\.+org\.+za$', category = 'spam' },
|
|
{ expr = '^doabonnee\.+be$', category = 'spam' },
|
|
{ expr = '^a\.+di-carlo\.+fr$', category = 'spam' },
|
|
{ expr = '^rbexploits\.+com$', category = 'spam' },
|
|
{ expr = '^rucksledge\.+com$', category = 'spam' },
|
|
{ expr = '^brenwenbusiness\.+systeme\.+io$', category = 'spam' },
|
|
{ expr = '^mails\.+dnsunicf\.+ga$', category = 'spam' },
|
|
{ expr = '^serverserviceconnexion\.+com$', category = 'spam' },
|
|
{ expr = '^express-fraiscolis-envoi\.+com$', category = 'spam' },
|
|
{ expr = '^messagerie-login\.+com$', category = 'spam' },
|
|
{ expr = '^fantasticsurvey\.+com$', category = 'spam' },
|
|
{ expr = '^1tpefb\.+com$', category = 'spam' },
|
|
{ expr = '^1tpe\.+net$', category = 'spam' },
|
|
{ expr = '^guru-tracking\.+com$', category = 'spam' },
|
|
{ expr = '^www\.+vlapvlap\.+com$', category = 'spam' },
|
|
{ expr = '^cherian\.+ch$', category = 'spam' },
|
|
{ expr = 'poyasoft\.+ir$', category = 'spam' },
|
|
{ expr = '^e\.+vg$', category = 'spam' },
|
|
{ expr = '^loppest\.+com$', category = 'spam' },
|
|
{ expr = '^vasalcribs\.+com$', category = 'spam' },
|
|
# Wildcard for those two
|
|
{ expr = 'certicode', category = 'spam' },
|
|
{ expr = 'securi?pass', category = 'spam' },
|
|
# Targeting more specific scams
|
|
{ expr = '^/x/rd3r43d', category = 'spam', matching = 'path' },
|
|
{ expr = '^skipth[ea]i?g[ea]i?m[ea]i?se?\.+(?:com|link|co)$', category = 'spam' },
|
|
{ expr = '^megap[oea]rs[eoa][eoa]?n[eoa]?s?a?lse?\.+com$', category = 'spam' },
|
|
{ expr = '^a=.*&oc=.*&c=.*&m=.*&s1=.*', category = 'spam', matching = 'query' },
|
|
{ expr = '/r.php\?t=.*&d=.*&l=.*&c=.*&cr=.*', category = 'spam', matching = 'full-uri' },
|
|
{ expr = '^u=.*&o=.*&t=.*', category = 'spam', matching = 'query' },
|
|
# Listing asset hijacks
|
|
{ expr = '^assets\.+nflxext\.+com$', category = 'spam' },
|
|
{ expr = '^www\.+paypalobjects\.+com$', category = 'spam' },
|
|
]
|