it's not possible to create rules at the domain level in certain websites from the matrix and the rules manager

[requiredregistration]

for example, at http://about.me/kgriffs, as it can be seen in the matrix, one cloudfront.net subdomain is blocked and 2 are not allowed, and each one must be allowed manually one by one. aboutme-cloud.net for example, once allowed, ‪sentry2.aboutme-cloud.net is allowed along with it. that cannot be done with cloudfront.net. adding "* cloudfront.net" through the rules manager to the scope makes no difference.

[gorhill]

cloudfront.net is not a domain, it is a public suffix. A domain is a 1 + public suffix. Go to http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1 and search for cloudfront.net. Excerpt:

// Amazon CloudFront : https://aws.amazon.com/cloudfront/
// Submitted by Donavan Miller <donavanm@amazon.com> 2013-03-22
cloudfront.net

More about the Public Suffix List (and why): http://publicsuffix.org/

[gorhill]

Duplicate of #109

[gorhill]

By design, HTTPSB will not allow to go above domain name to stay consistent with the Public Suffix List. Please read front page of http://publicsuffix.org for rationale of using a Public Suffix List.