server-locations.txt (17708B)
1 # 2 # This Source Code Form is subject to the terms of the Mozilla Public 3 # License, v. 2.0. If a copy of the MPL was not distributed with this 4 # file, You can obtain one at http://mozilla.org/MPL/2.0/. 5 6 # 7 # This file defines the locations at which this HTTP server may be accessed. 8 # It is referred to by the following page, so if this file moves, that page must 9 # be modified accordingly: 10 # 11 # https://firefox-source-docs.mozilla.org/testing/mochitest-plain/faq.html 12 # 13 # Empty lines and lines which begin with "#" are ignored and may be used for 14 # storing comments. All other lines consist of an origin followed by whitespace 15 # and a comma-separated list of options (if indeed any options are needed). 16 # 17 # The format of an origin is, referring to RFC 2396, a scheme (either "http" or 18 # "https"), followed by "://", followed by a host, followed by ":", followed by 19 # a port number. The colon and port number must be present even if the port 20 # number is the default for the protocol. 21 # 22 # After adding a new https host, it's necessary to generate the default cert 23 # again by running ./mach python build/pgo/genpgocert.py, and commit the result. 24 # 25 # Unrecognized options are ignored. Recognized options are "primary" and 26 # "privileged", "nocert", "cert=some_cert_nickname", "redir=hostname" and 27 # "failHandshake". 28 # 29 # "primary" denotes a location which is the canonical location of 30 # the server; this location is the one assumed for requests which don't 31 # otherwise identify a particular origin (e.g. HTTP/1.0 requests). 32 # 33 # "privileged" denotes a location which should have the ability to request 34 # elevated privileges; the default is no privileges. 35 # 36 # "nocert" makes sense only for https:// hosts and means there is not 37 # any certificate automatically generated for this host. 38 # 39 # "failHandshake" causes the tls handshake to fail (by sending a client hello to 40 # the client). 41 # 42 # "cert=nickname" tells the pgo server to use a particular certificate 43 # for this host. The certificate is referenced by its nickname that must 44 # not contain any spaces. The certificate key files (PKCS12 modules) 45 # for custom certification are loaded from build/pgo/certs 46 # directory. When new certificate is added to this dir pgo/ssltunnel 47 # must be built then. This is only necessary for cases where we really do 48 # want specific certs. 49 # You can find instructions on how to add or modify certificates at: 50 # https://firefox-source-docs.mozilla.org/build/buildsystem/test_certificates.html 51 # 52 # "redir=hostname" tells the pgo server is only used for https:// 53 # hosts while processing the CONNECT tunnel request. It responds 54 # to the CONNECT with a 302 and redirection to the hostname instead 55 # of connecting to the real back end and replying with a 200. This 56 # mode exists primarily to ensure we don't allow a proxy to do that. 57 # 58 59 # 60 # This is the primary location from which tests run. 61 # 62 http://mochi.test:8888 primary,privileged 63 64 # 65 # These are a common set of prefixes scattered across one TLD with two ports and 66 # another TLD on a single port. 67 # 68 http://127.0.0.1:80 privileged 69 http://127.0.0.1:8888 privileged 70 http://test:80 privileged 71 http://mochi.test:8888 privileged 72 http://mochi.xorigin-test:8888 privileged 73 http://test1.mochi.test:8888 74 http://sub1.test1.mochi.test:8888 75 http://sub2.xn--lt-uia.mochi.test:8888 76 http://test2.mochi.test:8888 77 http://example.org:80 privileged 78 http://test1.example.org:80 privileged 79 http://test2.example.org:80 privileged 80 http://test3.example.org:80 privileged 81 http://sub1.test1.example.org:80 privileged 82 http://sub1.test2.example.org:80 privileged 83 http://sub2.test1.example.org:80 privileged 84 http://sub2.test2.example.org:80 privileged 85 http://example.org:8000 privileged 86 http://test1.example.org:8000 privileged 87 http://test2.example.org:8000 privileged 88 http://sub1.test1.example.org:8000 privileged 89 http://sub1.test2.example.org:8000 privileged 90 http://sub2.test1.example.org:8000 privileged 91 http://sub2.test2.example.org:8000 privileged 92 http://example.com:80 privileged 93 http://example.onion:80 privileged 94 http://www.example.com:80 privileged 95 http://test1.example.com:80 privileged 96 http://test2.example.com:80 privileged 97 http://sub1.test1.example.com:80 privileged 98 http://sub1.test2.example.com:80 privileged 99 http://sub2.test1.example.com:80 privileged 100 http://sub2.test2.example.com:80 privileged 101 http://example.net:80 privileged 102 http://supports-insecure.expired.example.com:80 privileged 103 # Used to test that clearing Service Workers for domain example.com, does not clear prefixexample.com 104 http://prefixexample.com:80 105 106 # The first HTTPS location is used to generate the Common Name (CN) value of the 107 # certificate's Issued To field. 108 https://example.com:443 privileged 109 https://www.example.com:443 privileged 110 https://test1.example.com:443 privileged 111 https://test2.example.com:443 privileged 112 https://test3.example.com:443 113 https://example.org:443 privileged 114 https://test1.example.org:443 privileged 115 https://test2.example.org:443 privileged 116 https://test3.example.org:443 117 https://sub1.test1.example.org:443 privileged 118 https://sub1.test2.example.org:443 privileged 119 https://sub2.test1.example.org:443 privileged 120 https://sub2.test2.example.org:443 privileged 121 https://sub1.test1.example.com:443 privileged 122 https://sub1.test2.example.com:443 privileged 123 https://sub2.test1.example.com:443 privileged 124 https://sub2.test2.example.com:443 privileged 125 https://example.net:443 privileged 126 https://nocert.example.com:443 privileged,nocert 127 https://nocert.example.org:443 privileged,nocert 128 https://self-signed.example.com:443 privileged,cert=selfsigned 129 https://untrusted.example.com:443 privileged,cert=untrusted 130 https://expired.example.com:443 privileged,cert=expired 131 https://requestclientcert.example.com:443 privileged,clientauth=request 132 https://requireclientcert.example.com:443 privileged,clientauth=require 133 https://requireclientcert-2.example.com:443 privileged,clientauth=require 134 https://requireclientcert-untrusted.example.com:443 privileged,clientauth=require,cert=untrusted 135 https://mismatch.expired.example.com:443 privileged,cert=expired 136 https://mismatch.untrusted.example.com:443 privileged,cert=untrusted 137 https://untrusted-expired.example.com:443 privileged,cert=untrustedandexpired 138 https://mismatch.untrusted-expired.example.com:443 privileged,cert=untrustedandexpired 139 https://supports-insecure.expired.example.com:443 privileged,cert=expired 140 https://no-subject-alt-name.example.com:443 cert=noSubjectAltName 141 https://issued-by-cca.example.com:443 privileged,cert=issuedByCCA 142 143 # Used for secure contexts on ip addresses, see bug 1616675. Note that 144 # 127.0.0.1 prompts ssltunnel.cpp to do special-cases, so we use .2 145 https://127.0.0.2:443 privileged,ipV4Address 146 https://secureonly.example.com:443 147 148 # Prevent safebrowsing tests from hitting the network for its-a-trap.html and 149 # its-an-attack.html. 150 http://www.itisatrap.org:80 151 https://www.itisatrap.org:443 152 153 # 154 # These are subdomains of <ält.example.org>. 155 # 156 http://sub1.xn--lt-uia.example.org:8000 privileged 157 http://sub2.xn--lt-uia.example.org:80 privileged 158 http://xn--exmple-cua.test:80 privileged 159 http://sub1.xn--exmple-cua.test:80 privileged 160 http://xn--exaple-kqf.test:80 privileged 161 http://sub1.xn--exaple-kqf.test:80 privileged 162 163 https://xn--hxajbheg2az3al.xn--jxalpdlp:443 privileged 164 https://sub1.xn--hxajbheg2az3al.xn--jxalpdlp:443 privileged 165 166 # 167 # These are subdomains of <παράδειγμα.δοκιμή>, the Greek IDN for example.test. 168 # 169 http://xn--hxajbheg2az3al.xn--jxalpdlp:80 privileged 170 http://sub1.xn--hxajbheg2az3al.xn--jxalpdlp:80 privileged 171 172 # Bug 413909 test host 173 https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp:443 privileged,cert=bug413909cert 174 175 # 176 # These hosts are used in tests which exercise privilege-granting functionality; 177 # we could reuse some of the names above, but specific names make it easier to 178 # distinguish one from the other in tests (as well as what functionality is 179 # being tested). 180 # 181 http://sectest1.example.org:80 privileged 182 http://sub.sectest2.example.org:80 privileged 183 http://sectest2.example.org:80 184 http://sub.sectest1.example.org:80 185 186 https://sectest1.example.org:443 privileged 187 https://sub.sectest2.example.org:443 privileged 188 https://sectest2.example.org:443 189 https://sub.sectest1.example.org:443 190 191 # 192 # Used while testing the url-classifier 193 # 194 http://malware.example.com:80 195 http://unwanted.example.com:80 196 http://tracking.example.com:80 197 http://cryptomining.example.com:80 198 http://fingerprinting.example.com:80 199 http://not-tracking.example.com:80 200 http://tracking.example.org:80 201 http://another-tracking.example.net:80 202 http://social-tracking.example.org:80 203 http://itisatracker.org:80 204 http://trackertest.org:80 205 http://email-tracking.example.org:80 206 http://consent-manager.example.org:80 207 http://anti-fraud.example.org:80 208 209 # 210 # Used while testing TLS session ticket resumption for third-party trackers (bug 1500533) 211 # (DO NOT USE THIS HOST IN OTHER TESTS!) 212 # 213 https://tlsresumptiontest.example.org:443 214 215 https://malware.example.com:443 216 https://unwanted.example.com:443 217 https://tracking.example.com:443 218 https://cryptomining.example.com:443 219 https://fingerprinting.example.com:443 220 https://not-tracking.example.com:443 221 https://tracking.example.org:443 222 https://another-tracking.example.net:443 223 https://social-tracking.example.org:443 224 https://itisatracker.org:443 225 https://email-tracking.example.org:443 226 https://consent-manager.example.org:443 227 https://anti-fraud.example.org:443 228 229 # 230 # Used while testing flash blocking (Bug 1307604) 231 # 232 http://flashallow.example.com:80 233 http://exception.flashallow.example.com:80 234 http://flashblock.example.com:80 235 http://exception.flashblock.example.com:80 236 http://subdocument.example.com:80 237 https://subdocument.example.com:443 238 http://exception.subdocument.example.com:80 239 240 # 241 # Used while testing tracking protection (Bug 1580416) 242 # Not that apps.fbsbx.com is a public suffix 243 # 244 http://mochitest.apps.fbsbx.com:80 245 246 # 247 # Flash usage can fail unless this URL exists 248 # 249 http://fpdownload2.macromedia.com:80 250 https://fpdownload2.macromedia.com:443 251 252 # Bug 1281083 253 http://bug1281083.example.com:80 254 255 # Bug 483437, 484111 256 https://www.bank1.com:443 privileged,cert=escapeattack1 257 258 # 259 # CONNECT for redirproxy results in a 302 redirect to 260 # test1.example.com 261 # 262 https://redirproxy.example.com:443 privileged,redir=test1.example.com 263 264 # Host used for IndexedDB Quota testing 265 http://bug704464-1.example.com:80 privileged 266 http://bug704464-2.example.com:80 privileged 267 http://bug704464-3.example.com:80 privileged 268 http://bug702292.example.com:80 privileged 269 270 # W3C hosts. 271 # See http://www.w3.org/wiki/Testing/Requirements#The_Web_test_server_must_be_available_through_different_domain_names 272 http://w3c-test.org:80 273 http://w3c-test.org:81 274 http://w3c-test.org:82 275 http://w3c-test.org:83 276 http://www.w3c-test.org:80 277 http://www.w3c-test.org:81 278 http://www.w3c-test.org:82 279 http://www.w3c-test.org:83 280 http://www1.w3c-test.org:80 281 http://www1.w3c-test.org:81 282 http://www1.w3c-test.org:82 283 http://www1.w3c-test.org:83 284 http://www2.w3c-test.org:80 285 http://www2.w3c-test.org:81 286 http://www2.w3c-test.org:82 287 http://www2.w3c-test.org:83 288 # http://天気の良い日.w3c-test.org 289 http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:80 290 http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:81 291 http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:82 292 http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:83 293 # http://élève.w3c-test.org 294 http://xn--lve-6lad.w3c-test.org:80 295 http://xn--lve-6lad.w3c-test.org:81 296 http://xn--lve-6lad.w3c-test.org:82 297 http://xn--lve-6lad.w3c-test.org:83 298 # HTTPS versions of the above 299 https://w3c-test.org:443 300 https://www.w3c-test.org:443 301 https://www1.w3c-test.org:443 302 https://www2.w3c-test.org:443 303 https://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:443 304 https://xn--lve-6lad.w3c-test.org:443 305 http://test.w3.org:80 306 307 # Hosts for testing TLD-based fallback encoding 308 http://example.tw:80 privileged 309 http://example.cn:80 privileged 310 http://example.co.jp:80 privileged 311 http://example.fi:80 privileged 312 http://example.in:80 privileged 313 http://example.lk:80 privileged 314 315 # Host for HPKP 316 https://include-subdomains.pinning-dynamic.example.com:443 privileged,cert=dynamicPinningGood 317 https://bad.include-subdomains.pinning-dynamic.example.com:443 privileged,cert=dynamicPinningBad 318 319 # Host for static pin tests 320 https://badchain.include-subdomains.pinning.example.com:443 privileged,cert=staticPinningBad 321 https://fail-handshake.example.com:443 privileged,failHandshake 322 323 # Hosts for bad cert domain fixup tests 324 https://badcertdomain.example.com:443 privileged,cert=badCertDomain 325 https://www.badcertdomain.example.com:443 privileged,cert=badCertDomain 326 https://127.0.0.3:433 privileged,cert=badCertDomain 327 https://badcertdomain.example.com:82 privileged,cert=badCertDomain 328 https://mismatch.badcertdomain.example.com:443 privileged,cert=badCertDomain 329 https://badcertdomain2.example.com:443 privileged,cert=badCertDomain2 330 https://www.badcertdomain2.example.com:443 privileged,cert=badCertDomain2 331 332 # Hosts for HTTPS-First upgrades/downgrades 333 http://httpsfirst.com:80 privileged 334 https://httpsfirst.com:443 privileged,nocert 335 https://invalid.example.com:443 privileged,nocert 336 http://httpsfirst.local:80 privileged 337 https://httpsfirst.local:443 privileged,nocert 338 339 # Hosts for sha1 console warning tests 340 https://sha1ee.example.com:443 privileged,cert=sha1_end_entity 341 https://sha256ee.example.com:443 privileged,cert=sha256_end_entity 342 343 # Hosts for imminent distrust warning tests 344 https://imminently-distrusted.example.com:443 privileged,cert=imminently_distrusted 345 346 # Hosts for ssl3/3des/tls1 tests 347 https://ssl3.example.com:443 privileged,ssl3 348 https://3des.example.com:443 privileged,3des,tls1,tls1_2 349 https://tls1.example.com:443 privileged,tls1 350 https://tls11.example.com:443 privileged,tls1_1 351 https://tls12.example.com:443 privileged,tls1_2 352 https://tls13.example.com:443 privileged,tls1,tls1_3 353 354 # Hosts for youtube rewrite tests 355 https://mochitest.youtube.com:443 356 357 # Hosts for WebAuthn localhost tests 358 https://localhost:443 359 https://badcertdomain.localhost:443 cert=badCertDomain 360 361 # Bug 1402530 362 http://localhost:80 privileged 363 364 http://localhost:9898 365 http://localhost:9899 366 367 # Host for testing APIs whitelisted for mozilla.org 368 https://www.mozilla.org:443 369 370 # local-IP origins for password manager tests (Bug 1582499) 371 http://10.0.0.0:80 privileged 372 http://192.168.0.0:80 privileged 373 374 # testing HTTPS-Only Suggestions on the Error Page (Bug 1665057) 375 https://www.suggestion-example.com:443 privileged,cert=bug1665057cert 376 http://suggestion-example.com:80 privileged 377 https://suggestion-example.com:443 privileged,cert=badCertDomain 378 http://no-suggestion-example.com:80 privileged 379 https://no-suggestion-example.com:443 privileged,cert=badCertDomain 380 381 # testing HTTPS-First doesn't show warning page for bad cert 382 http://nocert.example.com:80 privileged 383 http://nocert.example.org:80 privileged 384 http://self-signed.example.com:80 privileged 385 http://untrusted.example.com:80 privileged 386 http://untrusted-expired.example.com:80 privileged 387 http://no-subject-alt-name.example.com:80 privileged 388 http://expired.example.com:80 privileged 389 390 # testing HTTPS-First behaviour for redirection (Bug 1706126) 391 http://redirect-example.com:80 privileged 392 https://redirect-example.com:443 privileged,cert=bug1706126cert 393 https://www.redirect-example.com:443 privileged,cert=bug1706126cert 394 395 # DoH server 396 https://foo.example.com:4433 privileged,cert=http2-cert.pem 397 398 # Mochitest 399 https://mochi.test:443 privileged,cert=mochitest-cert.pem 400 401 # condprof common transactions 402 http://profile.stage.mozaws.net:80 privileged 403 https://profile.stage.mozaws.net:443 privileged 404 http://ocsp.pki.goog:80 privileged 405 https://ocsp.pki.goog:443 privileged 406 407 # External IP address only available via http (Bug 1855734) 408 http://123.123.123.123:80 privileged 409 https://123.123.123.123:443 privileged,nocert 410 411 # Domain with HSTS preloaded 412 http://includesubdomains.preloaded.test:80 privileged 413 https://includesubdomains.preloaded.test:443 privileged 414 415 # Profiler URL to test profile uploads 416 https://api.profiler.firefox.com:443 417 418 # FirefoxRelay test country and PSL-specific deny- and allow-list matching 419 http://accounts.example.com.ar:80 privileged 420 https://accounts.example.com.ar:443 privileged 421 422 https://1-qwac.example.com:443 privileged,cert=1-qwac 423 https://bound-by-2-qwac.example.com:443 privileged,cert=bound-by-2-qwac