summaryrefslogtreecommitdiffstats
path: root/build/pgo/server-locations.txt
blob: 2d97a79f3ffd6bf3e5108f20f48e91337f968b16 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

#
# This file defines the locations at which this HTTP server may be accessed.
# It is referred to by the following page, so if this file moves, that page must
# be modified accordingly:
#
# https://firefox-source-docs.mozilla.org/testing/mochitest-plain/faq.html
#
# Empty lines and lines which begin with "#" are ignored and may be used for
# storing comments.  All other lines consist of an origin followed by whitespace
# and a comma-separated list of options (if indeed any options are needed).
#
# The format of an origin is, referring to RFC 2396, a scheme (either "http" or
# "https"), followed by "://", followed by a host, followed by ":", followed by
# a port number.  The colon and port number must be present even if the port
# number is the default for the protocol.
#
# Unrecognized options are ignored.  Recognized options are "primary" and
# "privileged", "nocert", "cert=some_cert_nickname", "redir=hostname" and
# "failHandshake".
#
# "primary" denotes a location which is the canonical location of
# the server; this location is the one assumed for requests which don't
# otherwise identify a particular origin (e.g. HTTP/1.0 requests).
#
# "privileged" denotes a location which should have the ability to request
# elevated privileges; the default is no privileges.
#
# "nocert" makes sense only for https:// hosts and means there is not
# any certificate automatically generated for this host.
#
# "failHandshake" causes the tls handshake to fail (by sending a client hello to
# the client).
#
# "cert=nickname" tells the pgo server to use a particular certificate
# for this host. The certificate is referenced by its nickname that must
# not contain any spaces. The certificate  key files (PKCS12 modules)
# for custom certification are loaded from build/pgo/certs
# directory. When new certificate is added to this dir pgo/ssltunnel
# must be built then. This is only necessary for cases where we really do
# want specific certs.
# You can find instructions on how to add or modify certificates at:
# https://firefox-source-docs.mozilla.org/build/buildsystem/test_certificates.html
#
# "redir=hostname" tells the pgo server is only used for https://
# hosts while processing the CONNECT tunnel request. It responds
# to the CONNECT with a 302 and redirection to the hostname instead
# of connecting to the real back end and replying with a 200. This
# mode exists primarily to ensure we don't allow a proxy to do that.
#

#
# This is the primary location from which tests run.
#
http://mochi.test:8888   primary,privileged

#
# These are a common set of prefixes scattered across one TLD with two ports and
# another TLD on a single port.
#
http://127.0.0.1:80               privileged
http://127.0.0.1:8888             privileged
http://test:80                    privileged
http://mochi.test:8888            privileged
http://mochi.xorigin-test:8888    privileged
http://test1.mochi.test:8888
http://sub1.test1.mochi.test:8888
http://sub2.xn--lt-uia.mochi.test:8888
http://test2.mochi.test:8888
http://example.org:80                privileged
http://test1.example.org:80          privileged
http://test2.example.org:80          privileged
http://test3.example.org:80          privileged
http://sub1.test1.example.org:80     privileged
http://sub1.test2.example.org:80     privileged
http://sub2.test1.example.org:80     privileged
http://sub2.test2.example.org:80     privileged
http://example.org:8000              privileged
http://test1.example.org:8000        privileged
http://test2.example.org:8000        privileged
http://sub1.test1.example.org:8000   privileged
http://sub1.test2.example.org:8000   privileged
http://sub2.test1.example.org:8000   privileged
http://sub2.test2.example.org:8000   privileged
http://example.com:80                privileged
http://www.example.com:80            privileged
http://test1.example.com:80          privileged
http://test2.example.com:80          privileged
http://sub1.test1.example.com:80     privileged
http://sub1.test2.example.com:80     privileged
http://sub2.test1.example.com:80     privileged
http://sub2.test2.example.com:80     privileged
http://example.net:80                privileged
http://supports-insecure.expired.example.com:80 privileged
# Used to test that clearing Service Workers for domain example.com, does not clear prefixexample.com
http://prefixexample.com:80

# The first HTTPS location is used to generate the Common Name (CN) value of the
# certificate's Issued To field.
https://example.com:443                privileged
https://www.example.com:443            privileged
https://test1.example.com:443          privileged
https://test2.example.com:443          privileged
https://example.org:443                privileged
https://test1.example.org:443          privileged
https://test2.example.org:443          privileged
https://sub1.test1.example.org:443     privileged
https://sub1.test2.example.org:443     privileged
https://sub2.test1.example.org:443     privileged
https://sub2.test2.example.org:443     privileged
https://sub1.test1.example.com:443     privileged
https://sub1.test2.example.com:443     privileged
https://sub2.test1.example.com:443     privileged
https://sub2.test2.example.com:443     privileged
https://example.net:443                privileged
https://nocert.example.com:443         privileged,nocert
https://nocert.example.org:443         privileged,nocert
https://self-signed.example.com:443    privileged,cert=selfsigned
https://untrusted.example.com:443      privileged,cert=untrusted
https://expired.example.com:443        privileged,cert=expired
https://requestclientcert.example.com:443         privileged,clientauth=request
https://requireclientcert.example.com:443         privileged,clientauth=require
https://requireclientcert-2.example.com:443         privileged,clientauth=require
https://requireclientcert-untrusted.example.com:443         privileged,clientauth=require,cert=untrusted
https://mismatch.expired.example.com:443	privileged,cert=expired
https://mismatch.untrusted.example.com:443	privileged,cert=untrusted
https://untrusted-expired.example.com:443	privileged,cert=untrustedandexpired
https://mismatch.untrusted-expired.example.com:443	privileged,cert=untrustedandexpired
https://supports-insecure.expired.example.com:443   privileged,cert=expired
https://no-subject-alt-name.example.com:443   cert=noSubjectAltName

# Used for secure contexts on ip addresses, see bug 1616675. Note that
# 127.0.0.1 prompts ssltunnel.cpp to do special-cases, so we use .2
https://127.0.0.2:443                  privileged,ipV4Address
https://secureonly.example.com:443

# Prevent safebrowsing tests from hitting the network for its-a-trap.html and
# its-an-attack.html.
http://www.itisatrap.org:80
https://www.itisatrap.org:443

#
# These are subdomains of <ält.example.org>.
#
http://sub1.xn--lt-uia.example.org:8000   privileged
http://sub2.xn--lt-uia.example.org:80     privileged
http://xn--exmple-cua.test:80             privileged
http://sub1.xn--exmple-cua.test:80        privileged
http://xn--exaple-kqf.test:80             privileged
http://sub1.xn--exaple-kqf.test:80        privileged

https://xn--hxajbheg2az3al.xn--jxalpdlp:443        privileged
https://sub1.xn--hxajbheg2az3al.xn--jxalpdlp:443   privileged

#
# These are subdomains of <παράδειγμα.δοκιμή>, the Greek IDN for example.test.
#
http://xn--hxajbheg2az3al.xn--jxalpdlp:80        privileged
http://sub1.xn--hxajbheg2az3al.xn--jxalpdlp:80   privileged

# Bug 413909 test host
https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp:443   privileged,cert=bug413909cert

#
# These hosts are used in tests which exercise privilege-granting functionality;
# we could reuse some of the names above, but specific names make it easier to
# distinguish one from the other in tests (as well as what functionality is
# being tested).
#
http://sectest1.example.org:80       privileged
http://sub.sectest2.example.org:80   privileged
http://sectest2.example.org:80
http://sub.sectest1.example.org:80

https://sectest1.example.org:443       privileged
https://sub.sectest2.example.org:443   privileged
https://sectest2.example.org:443
https://sub.sectest1.example.org:443

#
# Used while testing the url-classifier
#
http://malware.example.com:80
http://unwanted.example.com:80
http://tracking.example.com:80
http://cryptomining.example.com:80
http://fingerprinting.example.com:80
http://not-tracking.example.com:80
http://tracking.example.org:80
http://another-tracking.example.net:80
http://social-tracking.example.org:80
http://itisatracker.org:80
https://itisatracker.org:443
http://trackertest.org:80
http://email-tracking.example.org:80
#
# Used while testing TLS session ticket resumption for third-party trackers (bug 1500533)
# (DO NOT USE THIS HOST IN OTHER TESTS!)
#
https://tlsresumptiontest.example.org:443

https://malware.example.com:443
https://unwanted.example.com:443
https://tracking.example.com:443
https://cryptomining.example.com:443
https://fingerprinting.example.com:443
https://not-tracking.example.com:443
https://tracking.example.org:443
https://another-tracking.example.net:443
https://social-tracking.example.org:443
https://email-tracking.example.org:443

#
# Used while testing flash blocking (Bug 1307604)
#
http://flashallow.example.com:80
http://exception.flashallow.example.com:80
http://flashblock.example.com:80
http://exception.flashblock.example.com:80
http://subdocument.example.com:80
https://subdocument.example.com:443
http://exception.subdocument.example.com:80

#
# Used while testing tracking protection (Bug 1580416)
# Not that apps.fbsbx.com is a public suffix
#
http://mochitest.apps.fbsbx.com:80

#
# Flash usage can fail unless this URL exists
#
http://fpdownload2.macromedia.com:80
https://fpdownload2.macromedia.com:443

# Bug 1281083
http://bug1281083.example.com:80

# Bug 483437, 484111
https://www.bank1.com:443           privileged,cert=escapeattack1

#
# CONNECT for redirproxy results in a 302 redirect to
# test1.example.com
#
https://redirproxy.example.com:443          privileged,redir=test1.example.com

# Host used for IndexedDB Quota testing
http://bug704464-1.example.com:80        privileged
http://bug704464-2.example.com:80        privileged
http://bug704464-3.example.com:80        privileged
http://bug702292.example.com:80          privileged

# W3C hosts.
# See http://www.w3.org/wiki/Testing/Requirements#The_Web_test_server_must_be_available_through_different_domain_names
http://w3c-test.org:80
http://w3c-test.org:81
http://w3c-test.org:82
http://w3c-test.org:83
http://www.w3c-test.org:80
http://www.w3c-test.org:81
http://www.w3c-test.org:82
http://www.w3c-test.org:83
http://www1.w3c-test.org:80
http://www1.w3c-test.org:81
http://www1.w3c-test.org:82
http://www1.w3c-test.org:83
http://www2.w3c-test.org:80
http://www2.w3c-test.org:81
http://www2.w3c-test.org:82
http://www2.w3c-test.org:83
# http://天気の良い日.w3c-test.org
http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:80
http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:81
http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:82
http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:83
# http://élève.w3c-test.org
http://xn--lve-6lad.w3c-test.org:80
http://xn--lve-6lad.w3c-test.org:81
http://xn--lve-6lad.w3c-test.org:82
http://xn--lve-6lad.w3c-test.org:83
# HTTPS versions of the above
https://w3c-test.org:443
https://www.w3c-test.org:443
https://www1.w3c-test.org:443
https://www2.w3c-test.org:443
https://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:443
https://xn--lve-6lad.w3c-test.org:443
http://test.w3.org:80

# Hosts for testing TLD-based fallback encoding
http://example.tw:80                privileged
http://example.cn:80                privileged
http://example.co.jp:80             privileged
http://example.fi:80                privileged
http://example.in:80                privileged
http://example.lk:80                privileged

# Host for HPKP
https://include-subdomains.pinning-dynamic.example.com:443        privileged,cert=dynamicPinningGood
https://bad.include-subdomains.pinning-dynamic.example.com:443    privileged,cert=dynamicPinningBad

# Host for static pin tests
https://badchain.include-subdomains.pinning.example.com:443       privileged,cert=staticPinningBad
https://fail-handshake.example.com:443                            privileged,failHandshake

# Host for bad cert domain fixup test
https://badcertdomain.example.com:443                             privileged,cert=badCertDomain
https://www.badcertdomain.example.com:443                         privileged,cert=badCertDomain
https://127.0.0.3:433                                             privileged,cert=badCertDomain
https://badcertdomain.example.com:82                              privileged,cert=badCertDomain
https://mismatch.badcertdomain.example.com:443                    privileged,cert=badCertDomain

# Hosts for HTTPS-First upgrades/downgrades
http://httpsfirst.com:80                                          privileged
https://httpsfirst.com:443                                        privileged,nocert

# Hosts for sha1 console warning tests
https://sha1ee.example.com:443                                    privileged,cert=sha1_end_entity
https://sha256ee.example.com:443                                  privileged,cert=sha256_end_entity

# Hosts for imminent distrust warning tests
https://imminently-distrusted.example.com:443                     privileged,cert=imminently_distrusted

# Hosts for ssl3/3des/tls1 tests
https://ssl3.example.com:443         privileged,ssl3
https://3des.example.com:443         privileged,3des,tls1,tls1_2
https://tls1.example.com:443         privileged,tls1
https://tls11.example.com:443        privileged,tls1_1
https://tls12.example.com:443        privileged,tls1_2
https://tls13.example.com:443        privileged,tls1,tls1_3

# Hosts for youtube rewrite tests
https://mochitest.youtube.com:443

# Host for U2F localhost tests
https://localhost:443

# Bug 1402530
http://localhost:80                 privileged

http://localhost:9898
http://localhost:9899

# Host for testing APIs whitelisted for mozilla.org
https://www.mozilla.org:443

# local-IP origins for password manager tests (Bug 1582499)
http://10.0.0.0:80                 privileged
http://192.168.0.0:80              privileged

# testing HTTPS-Only Suggestions on the Error Page (Bug 1665057)
https://www.suggestion-example.com:443      privileged,cert=bug1665057cert
http://suggestion-example.com:80            privileged
https://suggestion-example.com:443          privileged,cert=badCertDomain
http://no-suggestion-example.com:80         privileged
https://no-suggestion-example.com:443       privileged,cert=badCertDomain

# testing HTTPS-First doesn't show warning page for bad cert
http://nocert.example.com:80                    privileged
http://self-signed.example.com:80               privileged
http://untrusted.example.com:80                 privileged
http://untrusted-expired.example.com:80         privileged
http://no-subject-alt-name.example.com:80       privileged
http://expired.example.com:80                   privileged

# testing HTTPS-First behaviour for redirection (Bug 1706126)
http://redirect-example.com:80              privileged
https://redirect-example.com:443            privileged,cert=bug1706126cert
https://www.redirect-example.com:443        privileged,cert=bug1706126cert

# DoH server
https://foo.example.com:4433                privileged,cert=http2-cert.pem

# Mochitest
https://mochi.test:443                      privileged,cert=mochitest-cert.pem

# condprof common transactions
http://profile.stage.mozaws.net:80          privileged
https://profile.stage.mozaws.net:443        privileged
http://ocsp.pki.goog:80                     privileged
https://ocsp.pki.goog:443                   privileged

# External IP address only available via http (Bug 1855734)
http://123.123.123.123:80      privileged
https://123.123.123.123:443    privileged,nocert

# Domain with HSTS preloaded
http://includesubdomains.preloaded.test:80       privileged
https://includesubdomains.preloaded.test:443     privileged