<!--
Other Yandex rulesets:
- BEM.info.xml
- Loginza.ru.xml
- Moikrug.ru.xml
- Ya.ru.xml
- YaDi.sk.xml
- Yandex.com.xml
- Yandex.com.ua.xml
- Yandex.com.tr.xml
- Yandex.kz.xml
- Yandex.mobi.xml
- Yandex.net.xml
- Yandex.st.xml
- Yandex.ua.xml
- Yandex.by.xml
- Yandex_ad_exchange.net.xml
- Yaprobki.ru.xml
- Yastatic.net.xml
For any questions please contact Artyom Gavrichenkov <ximaera@yandex.ru>.
I'm not in any way a Yandex employee, however, this set of rules is
already working for a long time with all Yandex services, being used very
intensively, and thus is being shared with community in order to prevent
scam and stealing from Money.Yandex.ru (and other services as well).
Nonfunctional subdomains:
- apps ¹
- android-us.apps ¹
- us.apps ¹
- beta-feedback ³
- blog ³
- bm ³
- business ²
- cards ³
- contact ³
- contact2 ³
- copy ³
- dns ³
- encyclopedia *
- family ¹
- b.feedback ³
- gazeta ³
- informer ³
- interactive-answers *
- m.internet ³
- ir ³
- iseg ³
- islands ¹
- kapersky ³
- kaspersky ³
- kassa ⁴
- labs ³
- large ³
- lingvo ³
- m ¹
- (www.)?market ¹
- (www.)?m.metro ⁶
- mirror ³
- narod ²
- navigator ³
- (www.)?news ³
- m.news ³
- pda.news ³
- notanymore ³
- online ⁷
- op ¹
- presocial ⁶
- prestable-pogoda ³
- punto ⁶
- api.rasp *
- repo ³
- shad ¹
- soft ³
- terms ³
- uslugi ¹
- interactive-answers.webmaster ¹
- wdgt ⁵
¹ Redirects to http
² Refused
³ Dropped
⁴ Reset
⁵ 403
⁶ 404
⁷ Shows mail
* Differs from http
Problematic subdomains:
- www.advertising ¹
- panoramas.api-maps *
- appsearch ¹
- www.browser **
- pda.calendar ¹
- collection ²
- dict ¹
- favicon ¹
- m.market ⁵
- www.mobile **
- mobile-feedback ³
- money ⁴
- m.money ¹
- pda.money ¹
- start.money ⁴
- skype ⁸
- www.taras **
- twitter ¹
- upics ¹
- streaming.video ⁹
- webcal ¹
- ym-promo ⁴
¹ Mismatched
² Mismatched, CN: bar.yandex.com.tr
³ Mismatched, CN: validator.yandex.ru
⁴ Blocks Tor users
⁵ Revoked
⁸ Dropped
⁹ Apparently breaks video player
* Unspecified effect[?]
** 404
Partially covered subdomains:
- (www.)?video *
¹ Some pages redirect to http
* Apparently breaks player
Fully covered subdomains:
- (www.)?
- (www.)?academy
- (www.)?adresa
- (www.)?atlas
- dict (→ slovari)
- \d+.downloader.disk
- (www.)?ewents
- (www.)?event
- (www.)?events
- favicon (→ favicon.yandex.net)
- (www.)?fotki
- (www.)?internet
- (www.)?ivent
- (www.)?ivents
- (www.)?karti
- (www.)?maps
- sandbox.api.maps
- (www.)?beta.maps
- (www.)?constructor.maps
- (www.)?m.maps
- (www.)?n.maps
- (www.)?router-quality.maps
- (www.)?master
- (www.)?metro
- mobile-feedback (→ m.feedback)
- (www.)?mshad
- (www.)?music
- (www.)?maps.pda
- (www.)?pogoda
- (www.)?probki
- (www.)?research
- (www.)?site
- skype (→ ^)
- (www.)?startups
- (www.)?tech
- (www.)?tv
- twitter (→ www)
- upics (→ upics.yandex.net)
- (www.)?weather
- (www.)?yaca
- ((www.)?[^.]+|[^.].[^.]): * (www → ^)
- (www.)?advertising
- agency.advertising
- welcome.advertising
- advq
- afisha
- an
- analytics
- api
- api-lenta
- api-maps
- arin.api-maps
- enterprise.api-maps
- api-yaru
- auto
- dealer.auto
- m.auto
- partner.auto
- pda.auto
- autoconfig
- autodiscover
- avia
- awaps
- b
- ba
- bar
- bayan
- beta.bayan
- beta
- blogs
- m.blogs
- pda.blogs
- blogs-http
- (www.)?browser
- browsers
- bs
- bs-meta
- buki
- business-maps
- calendar
- widgets.calendar
- captcha
- changepassword
- city
- clck
- clock
- clocks
- company
- contest
- algorithm.contest
- intern.contest
- official.contest
- corba-https-export
- corba-https-export-ng1
- css
- dev
- direct
- disc
- disk
- beta.disk
- downloader.disk
- display
- element
- elements
- www.ewent
- export
- feedback
- m.feedback
- feedback2
- files
- firefox
- img.fotki
- m.fotki
- r-img.fotki
- fx
- gadget
- geocode-maps
- geocontext
- gorod
- help
- hw
- i
- ie
- images
- img
- img-fotki
- img[1-7]-fotki
- ipv4.internet
- ipv6.internet
- keyboard
- kiks
- legal
- m.legal
- mail
- pda.mail
- har.maps
- mpro.maps
- mtquality.maps
- npro.maps
- pda.maps
- points.maps
- r.maps
- constructor.maps
- partner.market
- mbrowser
- mc
- mdata
- metr
- metric
- metrica
- metrika
- pda.metro
- (www.)?mobile
- money
- start.money
- myfiles
- partner.news
- opera
- partner
- partners
- pass
- passport
- passport-ckicheck
- probki.pda
- traffic.pda
- pda-passport
- people
- pdd
- m.pogoda
- mini.pogoda
- prefetch-maps
- probki
- pda.probki
- psearch-maps
- pythonlbp-s
- qas
- qas2
- rabota
- m.rabota
- radioprobki
- radioprobki2
- rasp
- fi.rasp
- m.rasp
- suggests.rasp
- suburban-widget.rasp
- t.rasp
- realty
- partner.realty
- route-maps
- safety
- search-maps
- arin.search-maps
- slovari
- m.slovari
- sobitia
- m.soft
- api.sport
- sprav
- spravochnik
- stat
- subs
- suggest-maps
- taras
- taxi
- taxi-exam
- api.tech
- developer.tech
- technologies
- ticket
- time
- tolstoy
- pda.traffic
- traffic-maps
- translate
- tune
- m.tune
- umbrella
- validator
- vb-update
- video
- static.video
- vremya
- watch
- api.weather
- mini.weather
- webmaster
- widgets
- wy
- xml
- xmlsearch
- yabs
- m.yaca
- pda.yaca
- ye-update
- ym-promo
- m.zakladki
* Except where excluded below
These altnames don't exist:
- m.feedback2.yandex.ru
- store.yandex.ru
- www.store.yandex.ru
- support.yandex.ru
- www.webmaster.yandex.ru
Insecure cookies are set for these domains:
- .yandex.ru
- academy.yandex.ru
- afisha.yandex.ru
- auto.yandex.ru
- bs.yandex.ru
- captcha.yandex.ru
- .captcha.yandex.ru
- contest.yandex.ru
- intern.contest.yandex.ru
- shad.contest.yandex.ru
- display.yandex.ru
- feedback2.yandex.ru
- .fotki.yandex.ru
- gorod.yandex.ru
- hw.yandex.ru
- .hw.yandex.ru
- internet.yandex.ru
- ipv4.internet.yandex.ru
- ipv6.internet.yandex.ru
- mail.yandex.ru
- partner.market.yandex.ru
- mobile.yandex.ru
- pass.yandex.ru
- pogoda.yandex.ru
- rabota.yandex.ru
- m.rabota.yandex.ru
- suggests.rasp.yandex.ru
- .suggests.rasp.yandex.ru
- realty.yandex.ru
- partner.realty.yandex.ru
- slovari.yandex.ru
- startups.yandex.ru
- stat.yandex.ru
- tech.yandex.ru
- developer.tech.yandex.ru
- translate.yandex.ru
- tune.yandex.ru
Mixed content:
  - Images, on:
    - ^, b, corba-https-export, export, umbrella, vb-update, wy, ye-update from awaps.yandex.ru ¹
    - advertising from avatars.yandex.net ¹
    - advertising, b, m.blogs, corba-https-export, export, m.legal, umbrella, vb-update, wy, ye-update from img.yandex.net ¹
    - m.feedback, mobile-feedback, www from yastatic.net ¹
    - tech from api.yandex.ru ¹
  - Favicons, on:
    - m.feedback from img.yandex.net ¹
    - agency.advertising, help, legal, m.legal from yandex.st ¹
  - Bugs, on:
    - m.blogs, downloader.disk from clck.yandex.ru ¹
    - m.fotki from c.waplog.net ²
    - advq, ba, blogs, direct, maps, partner.market, maps.pda, rabota, wordstat, (www.)?yaca from kiks.yandex.ru ¹
¹ Secured by us
² Unsecurable <= dropped
-->
<ruleset name="Yandex">
<target host="yandex.ru" />
<target host="*.yandex.ru" />
<!--
Redirects to http:
-->
<!--exclusion pattern="^http://(android-us\.apps|us\.apps|m\.auto|family|interactive-answers|op)\.yandex\.ru/$" /-->
<!--exclusion pattern="^http://market\.yandex\.ru/($|\?clid=|search\.xml)" /-->
<exclusion pattern="^http://uslugi\.yandex\.ru/($|arr\.png|index\.css)" />
<!--
Rather than enumerating domains that support SSL,
we enable SSL for all services and then exclude those
which become broken:
1. Public services without HTTPS support (or with broken support):
-->
<exclusion pattern="^http://(?:bar-widgets|cards|cs-ellpic|cs-thumb|dzen|encyclopedia|lingvo|ll|mirror|newmoscow|news|openid|presocial|wdgt)\.yandex\.ru/" />
<!--
Needed for Yandex video player to work:
-->
<exclusion pattern="^http://video\.yandex\.ru/iframe/" />
<exclusion pattern="^http://streaming\.video\.yandex\.ru/" />
<exclusion pattern="^http://[^.]+\.video\.yandex\.ru/q-upload/" />
<!--
3. Narod.ru.
Narod.ru doesn't use auth data from Yandex,
so we don't need to encrypt its pages.
The only exception is Narod.Disk, but it doesn't provide HTTPS
-->
<exclusion pattern="^http://narod\d*\.yandex\.ru/" />
<!--
4. Search suggestions:
-->
<exclusion pattern="^http://suggest(?!-maps\.)(?:-[a-z]+)?\.yandex\.ru/" />
<!--
5. Webmaster:
-->
<exclusion pattern="^http://content\.webmaster\.yandex\.ru/" />
<!--
6. Mobile services:
-->
<exclusion pattern="^http://m\.yandex\.ru/" />
<!--
8. Various click counters and content stores:
-->
<exclusion pattern="^http://(?:copy|hghltd|print|market-click\d+|wrz)\.yandex\.ru/" />
<!--
9. Data clusters for Maps and Video:
-->
<exclusion pattern="^http://panoramas\.api-maps\.yandex\.ru" />
<exclusion pattern="^http://(?:jgo|vec\d+|stv\d+)\.maps\.yandex\.ru/" />
<exclusion pattern="^http://[^.]+-tub(?:-[^.]+)?\.yandex\.ru/" />
<!--
10. More subdomains without SSL from Aleksey Kosterin:
-->
<exclusion pattern="^http://(?:business|collection|kapersky|large|market|nahodki|navigator|online|punto|zakladki)\.yandex\.ru/" />
<!--
11. Some cert warnings:
-->
<exclusion pattern="^http://soft\.yandex\.ru/" />
<!--
Miscellaneous:
-->
<exclusion pattern="^http://(?:apps|(?:android-)?us\.apps|appsearch|bm|contact2?|dns|family|gazeta|interactive-answers|m\.internet|islands|kaspersky|labs|(?:m|www)\.market|(?:m|pda)\.money|(?:m|pda|www)\.news|notanymore|op|prestable-pogoda|api\.rasp|repo|shad|static-maps|terms|uslugi|webcal|interactive-answers\.webmaster)\.yandex\.ru/" />
<!-- Not secured by server:
-->
<!--securecookie host="^\.yandex\.ru$" name="^(Cookie_check|fuid01|my|yandexuid|yp|ys)$" /-->
<!--securecookie host="^(academy|events|startups|tech|developer\.tech)\.yandex\.ru$" name="^(express:sess:|express:sess\.sig)$" /-->
<!--securecookie host="^afisha\.yandex\.ru$" name="^ys$" /-->
<!--securecookie host="^(auto|pda\.auto|display|gorod|partner\.market|(www\.)?master|rabota|m\.rabota|realty|partner\.realty|slovari|stat)\.yandex\.ru$" name="^uid$" /-->
<!--securecookie host="^(bs|mc)\.yandex\.ru$" name="^yabs-sid$" /-->
<!--securecookie host="^(intern\.|shad\.)?contest\.yandex\.ru$" name="^CONTEST_LANG$" /-->
<!--securecookie host="^feedback2\.yandex\.ru$" name="^feedback2-sid$" /-->
<!--securecookie host="^\.fotki\.yandex\.ru$" name="^FSession_id$" /-->
<!--securecookie host="^\.?(captcha|hw|suggests\.rasp)\.yandex\.ru$" name="^yp$" /-->
<!--securecookie host="^(ipv[46]\.)?internet\.yandex\.ru$" name="^(csrftoken|test)$" /-->
<!--securecookie host="^(pda\.)?mail\.yandex\.ru$" name="^ni$" /-->
<!--securecookie host="^mobile\.yandex\.ru$" name="^family$" /-->
<!--securecookie host="^pass\.yandex\.ru$" name="^M_\w+_yandex_\w\w$" /-->
<!--securecookie host="^pogoda\.yandex\.ru$" name="^yw_lc$" /-->
<!--securecookie host="^realty\.yandex\.ru$" name="^from$" /-->
<!--securecookie host="^slovari\.yandex\.ru$" name="^slovari-state$" /-->
<!--securecookie host="^translate\.yandex\.ru$" name="^(first_visit_src|stoken)$" /-->
<securecookie host="(?:academy|afisha|auto|pda\.auto|bs|\.?captcha|(?:intern\.|shad\.)?contest|display|events|feedback2|\.?hw|(?:ipv[46]\.)?internet|mail|pda\.mail|partner\.market|(?:www\.)?master|mc|mobile|pass|pogoda|rabota|m\.rabota|\.?suggests\.rasp|realty|partner\.realty|slovari|startups|stat|(?:developer\.)?tech|translate|\.video)\.yandex\.ru$" name=".+" />
<!-- Redirect keeps path and args:
-->
<rule from="^http://dict\.yandex\.ru/+"
to="https://slovari.yandex.ru/" />
<!-- Domains for which www exists, but !www
doesn't, or doesn't work over http:
-->
<rule from="^http://www\.ewent\.yandex\.ru/"
to="https://www.ewent.yandex.ru/" />
<rule from="^http://favicon\.yandex\.ru/"
to="https://favicon.yandex.net/" />
<!-- Redirect drops path and args:
-->
<!--rule from="^http://gazeta\.yandex\.ru/.*"
to="https://news.yandex.ru/mynews" /-->
<!-- Redirect drops path but not args:
-->
<rule from="^http://(?:www\.)?m\.metro\.yandex\.ru/[^?]*"
to="https://m.soft.yandex.ru/metro/" />
<rule from="^http://mobile-feedback\.yandex\.ru/"
to="https://m.feedback.yandex.ru/" />
<!-- Redirect keeps path and args:
-->
<rule from="^http://skype\.yandex\.ru/+"
to="https://yandex.ru/promo/skype/" />
<rule from="^http://twitter\.yandex\.ru/+"
to="https://www.yandex.ru/" />
<rule from="^http://upics\.yandex\.ru/"
to="https://upics.yandex.net/" />
<!-- Domains for which both !www and www
exist, and both work without caveat:
-->
<rule from="^http://(www\.)?(academy|adresa|atlas|ewents|[ei]vents?|export|fotki|internet|karti|maps|(?:beta|constructor|m|n|router-quality)\.maps|master|metro|mshad|music|maps\.pda|pogoda|prefetch-maps|probki|research|site|startups|tech|tv|video|weather|yaca)\.yandex\.ru/"
to="https://$1$2.yandex.ru/" />
<rule from="^http://((?:\d\.downloader\.disk|sandbox\.api\.maps|www)\.)?yandex\.ru/"
to="https://$1yandex.ru/" />
<rule from="^http://(?:www\.)?([^.]+)\.yandex\.ru/"
to="https://$1.yandex.ru/" />
<!-- Here we can enable 4+ level domains with a single regexp,
but I've never seen any domains more than 4 levels deep
in Yandex network, so I wouldn't enable them now -
it may be inconvenient and may break some services.
Only 4-level domains match.
-->
<rule from="^http://([^.]+)\.([^.]+)\.yandex\.ru/"
to="https://$1.$2.yandex.ru/" />
<!-- "<error><status>401</status><message>Unauthorized</message><cause>Incorrect referer</cause></error>"
https doesn't give a referrer, so images don't load.
Example: https://market.yandex.ru/search.xml?text=draytek&hid=91083&srnum=233
List: https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001094.html
-->
<!--rule from="^https://static-maps\.yandex\.ru/"
to="http://static-maps.yandex.ru/" downgrade="1" /-->
</ruleset>
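Added example (not part of the ruleset file or of the HTTPS Everywhere code): a minimal evaluator for the "enable everything, then exclude what breaks" approach, run over a subset of the patterns above. It assumes exclusions are tested before rules and that the first matching rule wins; all sample URLs and the shortened "Miscellaneous" pattern are constructed to show why the `^` anchor on an exclusion matters.

```javascript
// Patterns are a subset copied from the ruleset above; all URLs are constructed.
const exclusions = [
  /^http:\/\/suggest(?!-maps\.)(?:-[a-z]+)?\.yandex\.ru\//,
  /^http:\/\/m\.yandex\.ru\//,
  /^http:\/\/(?:jgo|vec\d+|stv\d+)\.maps\.yandex\.ru\//,
];
const rules = [
  { from: /^http:\/\/dict\.yandex\.ru\/+/, to: "https://slovari.yandex.ru/" },
  { from: /^http:\/\/(?:www\.)?m\.metro\.yandex\.ru\/[^?]*/, to: "https://m.soft.yandex.ru/metro/" },
  { from: /^http:\/\/(?:www\.)?([^.]+)\.yandex\.ru\//, to: "https://$1.yandex.ru/" },
  { from: /^http:\/\/([^.]+)\.([^.]+)\.yandex\.ru\//, to: "https://$1.$2.yandex.ru/" },
];

// Returns the rewritten URL, or null when the URL is excluded or no rule matches.
function rewrite(url, excl = exclusions) {
  if (excl.some((re) => re.test(url))) return null;
  for (const { from, to } of rules) {
    if (from.test(url)) return url.replace(from, to);
  }
  return null;
}

// Shortened form of the "Miscellaneous" exclusion, built with and without "^".
const miscBody = "http://(?:apps|bm|dns)\\.yandex\\.ru/";
const anchored = new RegExp("^" + miscBody);
const unanchored = new RegExp(miscBody);

// A URL that only carries an excluded URL inside its query string.
const nested = "http://mail.yandex.ru/r?to=http://apps.yandex.ru/";

const samples = [
  "http://dict.yandex.ru//word?x=1",         // redirect keeps path and args
  "http://m.metro.yandex.ru/moscow/?from=x", // redirect drops path, keeps args
  "http://pda.mail.yandex.ru/inbox",         // 4-level host, last rule
  "http://a.b.c.yandex.ru/",                 // 5-level host, no rule matches
  "http://suggest-maps.yandex.ru/x",         // spared by the negative lookahead
  "http://suggest-ya.yandex.ru/x",           // excluded, stays on http
  "http://vec01.maps.yandex.ru/tiles",       // excluded data cluster
];
for (const u of samples) console.log(u, "->", rewrite(u));
console.log("anchored exclusion:  ", rewrite(nested, [anchored]));
console.log("unanchored exclusion:", rewrite(nested, [unanchored]));
```

With the unanchored pattern the nested URL is treated as excluded and stays on plain HTTP even though its own host is not on the exclusion list.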