github.com/letsencrypt/boulder@v0.20251208.0/test/ident-policy.yaml

github.com/letsencrypt/boulder@v0.20251208.0/test/ident-policy.yaml (about)

     1  #
     2  # Example YAML Boulder identifier policy
     3  #
     4  # This is *not* a production ready policy file and not reflective of Let's
     5  # Encrypt's policies! It is just an example.
     6  
     7  # ExactBlockedNames prevent issuance for the exact names listed, as well as
     8  # their wildcard form.
     9  ExactBlockedNames:
    10    - "highrisk.le-test.hoffman-andrews.com"
    11    - "exactblacklist.letsencrypt.org"
    12  
    13  # HighRiskBlockedNames prevent issuance for the exact names listed as well as
    14  # all subdomains/wildcards.
    15  HighRiskBlockedNames:
    16    # See RFC 3152
    17    - "ip6.arpa"
    18    # See RFC 2317
    19    - "in-addr.arpa"
    20    # Etc etc etc
    21    - "example"
    22    - "example.net"
    23    - "example.org"
    24    - "invalid"
    25    - "local"
    26    - "localhost"
    27    - "test"
    28  
    29  # AdminBlockedNames are treated the same as HighRiskBlockedNames by Boulder but
    30  # since they change more frequently based on administrative action over time
    31  # they are separated into their own list.
    32  AdminBlockedNames:
    33    - "sealand"
    34  
    35  # AdminBlockedPrefixes is a list of IP address prefixes. All IP addresses
    36  # contained within the prefix are blocked.
    37  #
    38  # To block a single IP, append "/32" for IPv4 or "/128" for IPv6.
    39  AdminBlockedPrefixes:
    40    - "64.112.117.66/32"
    41    - "64.112.117.68/30"
    42    - "224.0.0.0/4"
    43    - "2602:80a:6000:baa:ffff:ffff:ffff:ffff/128"
    44    - "2602:80a:6000:bad::/64"
    45    - "ff00::/8"