Tunnel Firewall

Flag

--include-hosts

Description

This flag provides granular control over the URLs that you want to tightly bind to your tunnel.

Wildcards supported are: '*',  '?', '+', '.' 

When you use this option, all domains bound to the tunnel will always be resolved via the tunnel, and no other domains will be resolved via the tunnel.

This flag can be paired with force-local, and requests to all non tunnel bound URLs will fail.

Examples

1. BrowserStackLocal --key YOUR_KEY --include-hosts "mywebsite.com”

   All traffic to mywebsite.com (all ports and both HTTP and HTTPS) will go through your tunnel. All other requests will be resolved via the public internet.

2. BrowserStackLocal --key YOUR_KEY --include-hosts "localhost" ”127.0.0.1”

   All traffic to localhost and 127.0.0.1 (all ports and both HTTP and HTTPS) will go through your tunnel. All other requests will be resolved via the public internet. You can similarly extend the URL set with just a space-separated list of entries.

3. BrowserStackLocal --key YOUR_KEY --include-hosts ”localhost” "127.0.0.1" "myinternalwebsite.*" ".*.browserstack.com" --force-local

   All traffic to localhost, 127.0.0.1, and any TLD for myinternalwebsite - such as myinternalwebsite.com or myinternalwebsite.net,and all subdomains for browserstack.com (all ports and both HTTP and HTTPS) will go through your tunnel. Requests to any URLs not covered by the four input patterns will fail, because --force-local ensures that no resolution happens via the internet, and your tunnel is only open to the URL patterns you supplied.

4. BrowserStackLocal --key YOUR_KEY --include-hosts ".*”

   Functionally, this is the same as --force-local, but this flag can be paired with --exclude-hosts to fulfil some use-cases which can’t be accomplished with --force-local.

Flag

--exclude-hosts

Description

This flag supersedes --include-hosts. This flag provides granular control over the URLs that you want to disallow from your tunnel.

Wildcards supported are: '*',  '?', '+', '.' 

When you use this option, all domains disallowed from the tunnel will never be resolved via the tunnel, and other domains might be resolved via the tunnel depending on other parameters.

This flag can be paired with --force-local, and will mean that all traffic will be resolved via your Local tunnel, except the domains blacklisted using this flag.

Examples

1. BrowserStackLocal --key YOUR_KEY --exclude-hosts ".*.apple.com”

   Your tunnel will never be used to resolve any requests to an apple.com subdomain. However, all other URLs will follow the familiar path, where we try to resolve them via the public internet first, and then fall back to the tunnel.

2. BrowserStackLocal --key YOUR_KEY --include-hosts ".*" --exclude-hosts ".*.google.com”

   Your tunnel will serve all URLs except google.com subdomains - those will be resolved via the public internet.

3. BrowserStackLocal --key YOUR_KEY --exclude-hosts ".*.bing.com” --force-local

   Your tunnel will never be used to resolve any requests to a bing.com subdomain. However, all other traffic will go through your tunnel. Requests to*.bing.com will fail, because --force-local will ensure that no URL is resolved from the public internet.

4. BrowserStackLocal --key YOUR_KEY --include-hosts ".*.microsoft.com" ".*.google.com" ".*.amazon.com" --exclude-hosts "www.amazon.com" --force-local

   Your tunnel will resolve subdomains from microsoft.com, google.com, and amazon.com. Your tunnel will, however, not resolve any requests to www.amazon.com. All requests to www.amazon.com, along with all other requests not explicitly bound to the tunnel, will fail because --force-local will ensure that no resolution happens from the public internet.