Domains to be whitelisted/allowlisted

Domains to be whitelisted/allowlisted

version: 2022-11-01
updated: 2023-23-03

Introduction

This is a community effort, if you experience issues, see mistakes/updates, or have other applications that you do know what to allowlist, please send a ticket to your Support Team.
Together we can make it easier for all.
Attention 1:
Some applications require additional proxy configurations (see below).
Understand that domain allowlisting can allow egress of data that is not audited/logged by mDRE.
  1. Inform your members what they can and cannot do.

For updates / upgrades OS

For CentOS VMs deployed before 2022-11-01 you'll need to manually configure the proxy configuration: Manual proxy configurations (mydre.org).
  1. Windows
    1. Nothing needed
  2. CentOS
    1. packages.microsoft.com
    2. epel.mirror.wearetriple.com
    3. ftp.nluug.nl
    4. mirror.proserve.nl
    5. centos.mirror.triple-it.nl
    6. mirrors.fedoraproject.org
  3. Ubuntu
    1. azure.archive.ubuntu.com
    2. packages.microsoft.com

Known applications

Anaconda / Miniconda

  1. conda.io
  2. anaconda.org
  3. anaconda.com

CBS OpenData

  1. opendata.cbs.nl

Github

In addition: Connecting to GitHub
  1. githubassets.com
  2. github.com
  3. githubusercontent.com
  4. git-scm.com

GenomeStudio 2.0

No domain allow needed, but a modification of hosts to speed up the startup time. GenomeStudio doesn't need internet access, but will try to dial home and waits for time out to continue.
  1. Open file explorer, go to: c:\windows\system32\drivers\etc
  2. Open hosts with Notepad++
  3. Add:
    127.0.0.1    www.illumina.com
  4. Save

Health RI Opal server

  • opal.health-ri.nl

Matlab

If your tenant does not offer a Matlab license via a license server (check with your local ST member), allowlist:
  1. mathworks.com

Microsoft

  1. General
    1. microsoftonline.com
    2. msauth.net
    3. msauthimages.net
  1. Office: activation with product key. 
    1. From what we've gathered, it looks like the domains only need to be allowed during the activation of Office and potentially during reactivation. Therefore, after installing and activating Office, you can request to close the domains. This will be updated once we know more.
      1. microsoftonline.com
      2. office.com
      3. msauthimages.net
      4. msauth.net
      5. live.com
      6. cdn.office.net
      7. microsoft.com
  1. Sharepoint
    1. sharepoint.com
      You might want to restrict it to a specific subdomain e.g.   <your organization>.sharepoint.com

Notepad++

  1. notepad-plus-plus.org

NVIDIA GPU

  1. microsoft.com
  2. developer.download.nvidia.com

Nvivo

  1. From what we've gathered, it looks like the domains only need to be allowed during the activation of Nvivo and potentially during reactivation. Therefore, after installing and activating Nvivo, you can request to close the domains. This will be updated once we know more.
    1. mynvivo.com
    2. qsrinternational.com
    3. auth0.com
  2. For additional NVivo functionality, the following domain may also be necessary:
    1. *.subscription-suite.io

MAXQDA

  1. maxqda.com
  2. verbi.de
  3. google.com

OpenAI (playground)

  1. openai.com
  2. googleapis.com
  3. google.com

PyPi

  1. pypi.org
  2. pythonhosted.org
  3. python.org
If you use just Python, set the following proxies via command line (as admin):
       set http_proxy="http://proxy.mydre.org:3128"
       set https_proxy="http://proxy.mydre.org:3128"
  1. python.org

R / RStudio

  1. r-project.org
  2. posit.co
  3. posit.co (new domain name for rstudio.com)
  4. posit.co (new domain name for rstudio.org)
  5. bioconductor.org
  6. tu-dortmund.de
  7. ac.at
  8. rstudio.com (while installing packages redirects you to old domain)
  9. rstudio.org (while installing packages redirects you to old domain)

Shiny

  1. r-project.org
  2. rstudio.com
  3. rstudio.org
  4. ac.at
  5. posit.co
  6. azure.archive.ubuntu.com
  7. packages.microsoft.com

Snapstore

  1. snapcraft.io

  1. snapcraftcontent.com

Support.mydre.org

  1. support.mydre.org
  2. zoho.eu
  3. zoho.com
  4. zohocdn.com
  5. zohostatic.eu
  6. zohopublic.eu

SURF Research Drive

(possibly you need to whitelist your Tenants domain as well)
  1. <your organization>.data.surfsara.nl
  2. <your organization>
  3. surfconext.nl
  4. surfsecureid.nl
  5. surfconext.nl

Tensorflow

  1. tensorflow.org
  2. storage.googleapis.com

ZorgTTP

Proxy configuration: https://www.zorgttp.nl/pvm/nivel/handleiding_installatie_en_gebruik_pvm_nivel_5.1.pdf (see page 11)
host: proxy.mydre.org, port 3128, leave other fields empty
  1. zorgttp.nl
  2. ocsp.quovadisglobal.com
  3. ocsp.digicert.com

    • Related Articles

    • Proxy configurations for connecting to a server or blob

      Version: 2022-11-02 Update: 2022-11-14 Introduction Domain allowlisting is a feature that is now available on myDRE. As the name implies, domains on the allowlist can be accessed from within the Workspace (you can request specific domain on the ...
    • External access in your workspace

      Introduction By default myDRE workspaces do not have connection to the internet. This ensures that data within the workspace is secure and auditable - we know what comes in, and what goes out. However, sometimes you do need a connection to a web ...
    • Connecting to GitHub

      1. Whitelisting GitHub domains Submit a ticket requesting the following domains to be whitelisted for a workspace . github.com . githubassets.com . git-scm.com .githubusercontent.com Windows VM Check that proxy settings are correct by navigating ...
    • andrea-Ubuntu20

      This is an Linux Ubuntu 20 base image provided by anDREa.  This image is especially intended for being used in combination with a GPU virtual machine. Please read more about suitable virtual machine types here or ask your local support team member ...
    • R/RStudio installation using domain allowlisting

      Introduction For general domain allowlisting setup, please read more here. Certain software might need manual proxy configurations to be set in the software settings, before the software is able to reach domains through a proxy. In this article we ...