Domains to be whitelisted/allowlisted for known applications

First version: 2022-11-01

Last updated: 2024-06-07

Last change: Added link to information on extra settings necessary for Stata.

Introduction

This is a community effort, if you experience issues, see mistakes/updates, or have other applications that you do know what to allowlist, please send a ticket to your Support Team. Together we can make it easier for all.

Domain allowlisting is a self-service feature for Accountable and Privileged Members; a ticket is not needed anymore.

Attention 1:

Some applications require additional proxy configurations (see below).

Understand that domain allowlisting can allow egress of data that is not audited/logged by mDRE.

1. Inform your members what they can and cannot do.
   

The Workspaces in myDRE do not have internet access by default. Certain internet access has been available through the External Access tab in the form of IP allowlisting. More recently, ticket-based domain allowlisting was introduced to deal with access to websites that have dynamic IP ranges. From 2023-11-28, domain allowlisting will be a self-service feature for Accountable and Privileged Members. However, it can sometimes be difficult to trace the exact (sub)domains for making programs work correctly. Therefore, we have compiled a list of domains for known applications, based on our own tests and user feedback. This list will be regularly updated.

For updates / upgrades OS

For CentOS VMs deployed before 2022-11-01 you'll need to manually configure the proxy configuration: Manual proxy configurations (mydre.org).

1. Windows Server 2019
   
1. Nothing needed

1. CentOS 7.5
   
1. packages.microsoft.com
   
2. epel.mirror.wearetriple.com
3. ftp.nluug.nl
4. mirror.proserve.nl
5. centos.mirror.triple-it.nl
6. mirrors.fedoraproject.org

1. Ubuntu 20 and 22
   
1. azure.archive.ubuntu.com
   
2. packages.microsoft.com
   

Known applications

Anaconda / Miniconda

How to set the proxy settings in Anaconda: Proxy configurations Anaconda / Miniconda

1. conda.io
2. anaconda.org
3. anaconda.com
   

Atlas.ti

1. atlasti.com

Castor EDC

Please be aware that the bottom three domains are required for Erasmus MC users. For other users, the domains might differ.

1. data.castoredc.com
   
2. login.microsoftonline.com
   
3. sts.erasmusmc.nl
   
4. aadcdn.msauth.net

CBS OpenData (updated 2024-02-19)

1. beta-odata4.cbs.nl
   

See for further instructions: https://github.com/statistiekcbs/CBS-Open-Data-v4/tree/master

Docker (on Ubuntu)

How to set proxy settings in Docker: Installing docker on Ubuntu 22

1. azure.archives.ubuntu.com
   
2. packages.microsoft.com
   
3. docker.io
   
4. docker.com
   
5. OPTIONAL AND ONLY IF REQUIRED:
   
1. huggingface.co
   

Fiji

Some settings need to be set within Fiji itself.

1. imagej.net
   
2. fiji.sc
   
3. Any domains that contain necessary packages

Github

In addition: Connecting to GitHub

1. githubassets.com
2. github.com
3. githubusercontent.com
4. git-scm.com
   

Read Copying and Pasting in myDRE: Easy or Safe? before allowlisting the following domain:

1. gist.github.com
   

GenomeStudio 2.0

No domain allow needed, but a modification of hosts to speed up the startup time. GenomeStudio doesn't need internet access, but will try to dial home and waits for time out to continue.

1. Open file explorer, go to: c:\windows\system32\drivers\etc
   
2. Open hosts with Notepad++
   
3. Add:
   127.0.0.1    www.illumina.com
4. Save

Health RI Opal server

• opal.health-ri.nl
  

Matlab

If your organization does not offer a Matlab license via a license server (check with your local ST member), allowlist:

1. mathworks.com

Microsoft-related applications such as 

1. General
   
1. microsoftonline.com
2. msauth.net
3. msauthimages.net

1. Microsoft Office: activation with product key. 
   
1. From what we've gathered, it looks like the domains only need to be allowed during the activation of Office and potentially during reactivation. Therefore, after installing and activating Office, you can request to close the domains. This will be updated once we know more.
   
1. microsoftonline.com
   
2. office.com
   
3. msauthimages.net
   
4. msauth.net
   
5. live.com
   
6. cdn.office.net
   
7. microsoft.com
   

1. Sharepoint
   
1. sharepoint.com - You might want to restrict it to a specific subdomain e.g.   <your organization>.sharepoint.com
   

Notepad++

1. notepad-plus-plus.org

NVIDIA GPU

1. microsoft.com
   
2. developer.download.nvidia.com
   

Nvivo

1. From what we've gathered, it looks like the domains only need to be allowed during the activation of Nvivo and potentially during reactivation. Therefore, after installing and activating Nvivo, you can request to close the domains. This will be updated once we know more.
1. mynvivo.com
   
2. qsrinternational.com
   
3. auth0.com
2. For additional NVivo functionality, the following domain may also be necessary:
1. *.subscription-suite.io

MAXQDA

1. maxqda.com
2. verbi.de
3. google.com
   

OpenAI (playground)

Please read carefully: Terms of use (openai.com)

You'll be needing a key: https://platform.openai.com/docs/quickstart/build-your-application

1. openai.com
2. googleapis.com
3. google.com

PyCharm

How to set proxy settings in PyCharm: Installing PyCharm and Sourcery

1. jetbrains.com
   
2. python.org
   
3. OPTIONAL AND ONLY IF ACCESS TO GITHUB IS REQUIRED:
   
1. github.com
   
2. githubusercontent.com
   
3. githubassets.com
   
4. git-scm.com
   
4. OPTIONAL AND ONLY IF SOURCERY PLUGIN IS REQUIRED:
   
1. sourcery.ai
2. github.com
   
3. githubusercontent.com
   
4. githubassets.com
   
5. git-scm.com
   

PyPi

How to set proxy settings in Anaconda: Proxy configurations Anaconda / miniConda

1. pypi.org
2. pythonhosted.org
   
3. python.org

Python

How to set proxy settings in Anaconda: Proxy configurations Anaconda / miniConda

1. python.org
   

R / RStudio

How to set proxy settings in R: R / RStudio installation with domain allowlisting

1. r-project.org
   
2. posit.co
3. rstudio.com 
4. rstudio.org
   
5. OPTIONAL AND ONLY IF ACCESS TO BIOCONDUCTOR IS REQUIRED:
   
1. bioconductor.org
   
6. OPTIONAL AND ONLY IF ACCESS TO GITHUB IS REQUIRED:
   
1. github.com
   
2. githubusercontent.com
   
3. githubassets.com
   
4. git-scm.com

Shiny

See the article: Shiny Server in a myDRE Workspace

1. r-project.org
2. rstudio.com
3. rstudio.org
4. ac.at
5. posit.co
6. azure.archive.ubuntu.com
7. packages.microsoft.com

Snapstore

1. snapcraft.io
2. snapcraftcontent.com

STATA updates and packages

How to set proxy settings in Stata: Stata (in RUMC section)

1. stata.com
2. stata-journal.com
   
3. repec.org
   
4. fmwww.bc.edu

Support.mydre.org

1. support.mydre.org
2. zoho.eu
3. zoho.com
4. zohocdn.com
5. zohostatic.eu
   
6. zohopublic.eu

SURF Filesender

1. filesender.surf.nl
   
2. surfconext.nl
   

In addition, depending on your organization, you need to allowlist certain organization-specific domains.

For RUMC:

1. microsoftonline.com
   
2. msauth.net
   
3. msauthimages.net

SURF Research Drive

(possibly you need to whitelist your Tenants domain as well)

1. <your organization>.data.surfsara.nl
2. <your organization> login page
3. surfconext.nl
4. surfsecureid.nl
   

Tensorflow

1. tensorflow.org
   
2. storage.googleapis.com

Visual Studio Code extensions

Prerequisite: in Visual Studio Code, go to File > Settings > search for proxy. Fill in http://proxy.mydre.org:3128

1. visualstudio.com
   
2. vsassets.io
   
3. azureedge.net
   
4. Depending on the extension you want to install, allowlist additional domains. For example, if you want to install a Python extensions, also allow python.org.

ZorgTTP

Proxy configuration: https://www.zorgttp.nl/pvm/nivel/handleiding_installatie_en_gebruik_pvm_nivel_5.1.pdf (see page 11)
host: proxy.mydre.org, port 3128, leave other fields empty

1. zorgttp.nl
   
2. ocsp.quovadisglobal.com
   
3. ocsp.digicert.com

• Related Articles

• Castor

  Setting up for Direct Access The method for accessing websites and internet-dependent services detailed on this page is outdated. We recommend to use domain-allowlisting, which is a self-service feature in the myDRE portal. Please see Domains to be ...

• Python, Anaconda and JupyterLab

  With domain allowlisting now being a self-service feature, this is the preferred option. For proxy settings in Anaconda in combination with domain allowlisting, please follow this article: ...

• Installing docker on Ubuntu 22

  First version: 2023-11-24 Last version: 2024-01-12 Last change: Small corrections to reflect that domain allowlisting is now a self-service feature. This is a community effort. The article was created through collaboration of the anDREa Support Team ...

• Fiji

  Fiji is an image processing package — a "batteries-included" distribution of ImageJ, bundling many plugins which facilitate scientific image analysis. Like ImageJ itself, Fiji is an open source project hosted on GitHub, developed and written by the ...

• Using Castor in Python

  Introduction anDREa would like to thank Reinier van Linschoten for bringing this package and description to our attention. This is a Python package for interacting with the API of Castor Electronic Data Capture (EDC). The package contains functions ...