@INCIBE-CERT thanks for the notice - a teammate of mine responded to your email prior. I'm including our emailed response here for posterity:
Thanks for reaching out. We are tracking this internally with the S3 team and will update the Github issue once we have a PR issued with the external PSL maintainers.
@dnsguru Feel free to close this issue from @INCIBE-CERT, as we're currently tracking this issue internally.
We plan to include the necessary changes within the next submitted batch of zones within #1600.
Amazon seems to have moved some time ago from s3 dash region dot amazonaws.com to using s3 dot region dot amazonaws.com
While some entries are present in both forms:
The following PSL entries only in dash form
actually also exist in dot form (even though they are not known to PSL).
We have found them due to actual URLs using them (for several months), which were misclassified as e.g. 'foo.s3.ap-northeast-1' subdomain under 'amazonaws.com'; instead of being treated as 'foo' domain under the s3 suffix. A check on other similar entries made us reach the above list.
Only on a few exceptions (s3-external-1, s3-fips-us-gov-west-1, s3-us-gov-west-1) is the dot form not available,
Based on observed behavior and @lawells description on #259, I think almost all s3- and s3-website- entries should actually also have a corresponding s3. / s3-website. one.
Basically, running
sed -Ei 's/^(s3(-website)?)-([^w].*\.amazonaws.com)$/&\n\1.\3/' public_suffix_list.dat
and removing duplicates.
This is consistent with the description at https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints that they are using the format protocol://service-code.region-code.amazonaws.com
@aph3rson can you confirm this and incorporate the changes on the next AWS update?
Thanks
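The misclassification described in the issue, and the effect of the proposed sed rewrite, as an added Python example that is not part of the original issue or of the PSL project's code. The rule list is a constructed sample, the matcher is simplified to plain rules (no wildcard or exception rules), and skipping the three prefixes the post lists as having no dot form is an assumption about how the rewrite would be applied.

```python
import re

# Same pattern as the sed command in the post.
DASH_FORM = re.compile(r"^(s3(-website)?)-([^w].*\.amazonaws.com)$")

# Dash-form prefixes the post says have no dot form (skipping them is an assumption).
NO_DOT_FORM = ("s3-external-1.", "s3-fips-us-gov-west-1.", "s3-us-gov-west-1.")

# Constructed sample rules, not a copy of public_suffix_list.dat.
SAMPLE_RULES = [
    "com",
    "s3-ap-northeast-1.amazonaws.com",
    "s3-website-ap-northeast-1.amazonaws.com",
    "s3-website.ap-northeast-1.amazonaws.com",  # already present in dot form
    "s3-external-1.amazonaws.com",
]

def add_dot_forms(rules):
    """Append the dot form after each dash-form rule, then drop duplicates."""
    out, seen = [], set()
    for rule in rules:
        candidates = [rule]
        m = DASH_FORM.match(rule)
        if m and not rule.startswith(NO_DOT_FORM):
            candidates.append(f"{m.group(1)}.{m.group(3)}")
        for c in candidates:
            if c not in seen:
                seen.add(c)
                out.append(c)
    return out

def split_host(host, rules):
    """Return (public_suffix, registrable_domain) using the longest matching rule."""
    labels = host.lower().rstrip(".").split(".")
    ruleset = set(rules)
    for i in range(len(labels)):  # i = 0 is the longest candidate suffix
        suffix = ".".join(labels[i:])
        if suffix in ruleset:
            return suffix, (".".join(labels[i - 1:]) if i > 0 else None)
    # No rule matched: fall back to the implicit "*" rule (last label is the suffix).
    return labels[-1], (".".join(labels[-2:]) if len(labels) > 1 else None)

if __name__ == "__main__":
    host = "foo.s3.ap-northeast-1.amazonaws.com"
    print("before:", split_host(host, SAMPLE_RULES))
    print("after: ", split_host(host, add_dot_forms(SAMPLE_RULES)))
```

With only the dash-form rules, every bucket host in dot form resolves to the same registrable domain, amazonaws.com; once the dot-form rule is present, each bucket name becomes its own registrable domain.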