Domains to be whitelisted/allowlisted for known applications
First version: 2022-11-01
Last updated: 2024-06-07
Last change: Added link to information on extra settings necessary for Stata.
Introduction
This is a community effort, if you experience issues, see mistakes/updates, or have other applications that you do know what to allowlist, please send a ticket to your Support Team. Together we can make it easier for all.
Domain allowlisting is a self-service feature for Accountable and Privileged Members; a ticket is not needed anymore.
Attention 1:
Some applications require additional proxy configurations (see below).
Understand that domain allowlisting can allow egress of data that is not audited/logged by mDRE.
- Inform your members what they can and cannot do.
The Workspaces in myDRE do not have internet access by default. Certain internet access has been available through the External Access tab in the form of IP allowlisting. More recently, ticket-based domain allowlisting was introduced to deal with access to websites that have dynamic IP ranges. From 2023-11-28, domain allowlisting will be a self-service feature for Accountable and Privileged Members. However, it can sometimes be difficult to trace the exact (sub)domains for making programs work correctly. Therefore, we have compiled a list of domains for known applications, based on our own tests and user feedback. This list will be regularly updated.
For updates / upgrades OS
- Windows Server 2019
- Nothing needed
- CentOS 7.5
- packages.microsoft.com
- epel.mirror.wearetriple.com
- ftp.nluug.nl
- mirror.proserve.nl
- centos.mirror.triple-it.nl
- mirrors.fedoraproject.org
- Ubuntu 20 and 22
- azure.archive.ubuntu.com
- packages.microsoft.com
Known applications
Anaconda / Miniconda
- conda.io
- anaconda.org
- anaconda.com
Atlas.ti
- atlasti.com
Castor EDC
Please be aware that the bottom three domains are required for Erasmus MC users. For other users, the domains might differ.
- data.castoredc.com
- login.microsoftonline.com
- sts.erasmusmc.nl
- aadcdn.msauth.net
CBS OpenData (updated 2024-02-19)
- beta-odata4.cbs.nl
Docker (on Ubuntu)
- azure.archives.ubuntu.com
- packages.microsoft.com
- docker.io
- docker.com
- OPTIONAL AND ONLY IF REQUIRED:
- huggingface.co
Fiji
Some settings need to be set within
Fiji itself.
- imagej.net
- fiji.sc
- Any domains that contain necessary packages
Github
- githubassets.com
- github.com
- githubusercontent.com
- git-scm.com
- gist.github.com
GenomeStudio 2.0
No domain allow needed, but a modification of hosts to speed up the startup time. GenomeStudio doesn't need internet access, but will try to dial home and waits for time out to continue.
- Open file explorer, go to: c:\windows\system32\drivers\etc
- Open hosts with Notepad++
- Add:
127.0.0.1 www.illumina.com - Save
Health RI Opal server
Matlab
If your organization does not offer a Matlab license via a license server (check with your local ST member), allowlist:
- mathworks.com
General
- microsoftonline.com
- msauth.net
- msauthimages.net
- Microsoft Office: activation with product key.
- From what we've gathered, it looks like the domains only need to be allowed during the activation of Office and potentially during reactivation. Therefore, after installing and activating Office, you can request to close the domains. This will be updated once we know more.
- microsoftonline.com
- office.com
- msauthimages.net
- msauth.net
- live.com
- cdn.office.net
- microsoft.com
- Sharepoint
- sharepoint.com - You might want to restrict it to a specific subdomain e.g. <your organization>.sharepoint.com
Notepad++
- notepad-plus-plus.org
NVIDIA GPU
- microsoft.com
- developer.download.nvidia.com
Nvivo
- From what we've gathered, it looks like the domains only need to be allowed during the activation of Nvivo and potentially during reactivation. Therefore, after installing and activating Nvivo, you can request to close the domains. This will be updated once we know more.
- mynvivo.com
- qsrinternational.com
- auth0.com
- For additional NVivo functionality, the following domain may also be necessary:
- *.subscription-suite.io
MAXQDA
- maxqda.com
- verbi.de
- google.com
OpenAI (playground)
- openai.com
- googleapis.com
- google.com
PyCharm
- jetbrains.com
- python.org
- OPTIONAL AND ONLY IF ACCESS TO GITHUB IS REQUIRED:
- github.com
- githubusercontent.com
- githubassets.com
- git-scm.com
- OPTIONAL AND ONLY IF SOURCERY PLUGIN IS REQUIRED:
- sourcery.ai
- github.com
- githubusercontent.com
- githubassets.com
- git-scm.com
PyPi
- pypi.org
- pythonhosted.org
- python.org
Python
- python.org
R / RStudio
- r-project.org
- posit.co
- rstudio.com
- rstudio.org
- OPTIONAL AND ONLY IF ACCESS TO BIOCONDUCTOR IS REQUIRED:
- bioconductor.org
- OPTIONAL AND ONLY IF ACCESS TO GITHUB IS REQUIRED:
- github.com
- githubusercontent.com
- githubassets.com
- git-scm.com
Shiny
- r-project.org
- rstudio.com
- rstudio.org
- ac.at
- posit.co
- azure.archive.ubuntu.com
- packages.microsoft.com
Snapstore
- snapcraft.io
- snapcraftcontent.com
STATA updates and packages
- stata.com
- stata-journal.com
- repec.org
- fmwww.bc.edu
Support.mydre.org
- support.mydre.org
- zoho.eu
- zoho.com
- zohocdn.com
- zohostatic.eu
- zohopublic.eu
SURF Filesender
- filesender.surf.nl
- surfconext.nl
In addition, depending on your organization, you need to allowlist certain organization-specific domains.
For RUMC:
- microsoftonline.com
- msauth.net
- msauthimages.net
SURF Research Drive
(possibly you need to whitelist your Tenants domain as well)
- <your organization>.data.surfsara.nl
- <your organization> login page
- surfconext.nl
- surfsecureid.nl
Tensorflow
- tensorflow.org
- storage.googleapis.com
Visual Studio Code extensions
- visualstudio.com
- vsassets.io
- azureedge.net
- Depending on the extension you want to install, allowlist additional domains. For example, if you want to install a Python extensions, also allow python.org.
ZorgTTP
- zorgttp.nl
- ocsp.quovadisglobal.com
- ocsp.digicert.com
Related Articles
Castor
Setting up for Direct Access The method for accessing websites and internet-dependent services detailed on this page is outdated. We recommend to use domain-allowlisting, which is a self-service feature in the myDRE portal. Please see Domains to be ...
Installing docker on Ubuntu 22
First version: 2023-11-24 Last version: 2024-01-12 Last change: Small corrections to reflect that domain allowlisting is now a self-service feature. This is a community effort. The article was created through collaboration of the anDREa Support Team ...
Fiji
Fiji is an image processing package — a "batteries-included" distribution of ImageJ, bundling many plugins which facilitate scientific image analysis. Like ImageJ itself, Fiji is an open source project hosted on GitHub, developed and written by the ...
Using Castor in Python
Introduction anDREa would like to thank Reinier van Linschoten for bringing this package and description to our attention. This is a Python package for interacting with the API of Castor Electronic Data Capture (EDC). The package contains functions ...
Installing PyCharm with Sourcery plugin
First version: 2023-11-27 Last version: - Last change: - This is a community effort. The article was created by the anDREa Support Team in their spare time. If you have found a more efficient way to approach this, please contact us and we will update ...