Skip to main content

Search

How do I ignore domains on my Cloned CSS Canarytokens?

How to exclude specific domains from triggering alerts on your Cloned CSS Canarytokens by adding them to the "Domain ignore list" in the Canary Console, using wildcards, option lists, and protocol matching to filter out legitimate development domains.

When a Cloned CSS Canarytoken is placed on your websites, you will get notified when it is hosted on another domain, which will include legitimate domains sometimes used during development. To ignore alerts coming from legitimate domains, you must add them to the "Domain ignore list" of the Canarytoken.

Note

The Domain ignore list used for Cloned CSS and Azure Entra ID Login Canarytokens is slightly different to the regex-based Ignore list used by the Cloned Web Canarytoken.

Follow the steps below to add a legitimate website to a Cloned CSS Canarytoken "Domain ignore list":

Step 1: Log in to your Console

Console Login.png

Step 2: Open the Canarytokens

CleanShot 2024-07-24 at 15.00.24@2x.png

Step 3: Search for your Cloned CSS Canarytoken

Enter the URL name of the Cloned CSS Canarytoken you want to update the ignore list on.

CleanShot 2024-07-24 at 14.36.43@2x.png

Step 4: Select the correct token

Select the token from the search history.

We searched and selected "inyoni-corp.com"

cloned-css-1.png

Step 5: Add domains to the ignore list

To add a specific entry to the ignore list, enter it in the Domain ignore list area, Press Enter and click Save.

Entries added to the Domain ignore list can be a specific URL or a subdomain. The entry supports:

  • Wildcards (*) to create glob patterns. For example: *.iyoni-corp.com or *.dev.iyoni-corp.com
  • Options lists to ignore any string in a list. For example: (subA|subB|subC).iyoni-corp.com matches one of the options, either subA.iyoni-corp.com, subB.iyoni-corp.com or subC.iyoni-corp.com.
  • Protocol matching by making use of the '^' prefix. For example: ^http(s|)://iyoni-corp.com will match both http://iyoni-corp.com and https://iyoni-corp.com. Similarly with other protocols such as ^file://* to match file://webdev/iyoni-corp/index.html.

cloned-css-2.png

Step 6: Use wildcards for multiple subdomains

If you have many subdomains you would like to add to the ignore list, on both http & https, then using a wildcard (*) with the protocol prefix (^) is a more suitable approach, for example:

^http(s|)://*.inyoni-corp.com

This will exclude entries like https://staging.inyoni-corp.com and http://pre-prod.test.inyoni-corp.com from alerts.

Add the entry, press Enter, then press Save to apply the changes.

cloned-css-3.png

Now you shouldn't be receiving any more alerts from those legitimate domains.

Was this article helpful?
0 out of 0 found this helpful
Return to top