URI match detection for ports

Hi,

Been using Bitwarden for a while now and the biggest issue I’ve encountered is how Bitwarden handles URI matching.

A lot of the logins I have saved are for self-hosted things, that are under a bespoke port. For the rest of this explanation, let’s use my Plex server, under port 32400.

Unfortunately, the two closest match patterns Bitwarden offers are base domain and host. Base domain will suggest the login when I am on ANY port of a specified domain, meaning any time I’m connected to my server, any services I have will be recommended, despite being on different ports. Host is a little bit better, as it only recommends if the domain + port matches, but that still leaves me with a problem: I’m not always connecting from the same domain. I could be connecting via localhost, an internal IP, hostname.local, an external IP, or a domain name (which I do all of, depending on the service and where I am relative to my server). That would require me to add 5 URIs to every self-hosted service, if I were to use match detection.

I think, then, it would only make sense for Bitwarden to offer a port match. If it ends in 32400, suggest my Plex login. I don’t think that this would prevent any false suggestions, as you’d never be visiting google.com:32400, and most services that use a bespoke port, will use a port that is not used by another service. (But really, when would you ever be connecting to something with a bespoke port, that you didn’t set up yourself? Except if there’s two instances of the same program across two servers… but how is that any different than 2 accounts under 1 website? anyways…)

Anyways, to try to visualize this, let’s make a table. Let’s say I saved my password when connected via localhost. Where would Bitwarden find it appropriate to recommend this password again, with different match patterns?

Domain Base Match Host Match Port Match
localhost:32400 Y Y Y
10.0.0.XX:32400 X X Y
localhost:25565 Y X X
server.local:32400 X X Y
my-public-facing-URL.com:32400 X X Y
google.com:32400 X X Y

One false positive is better than a dozen false negatives, IMO :slight_smile:

All in all, I think it’d be a relatively easy feature to implement, and I might try to do something similar with Regex in the meantime, but seeing it supported in an official capacity would be the best. Thanks!

2 Likes

I fully agree. It is the most annoying feature that is missing here.

Especially if you’re developing this is a must - have, currently my main reason NOT to use bitwarden.

sorry to necrobump a bit, but do you mind if I ask what you use currently?

Bitwarden is still far and away the best login manager I’ve used to date, but I have been using it exclusively for a good while now. Maybe some of the competition has gotten better?

Bitwarden does support port detection using the URI match detection option Host, but OP couldn’t be bothered to add the necessary URI entries to the relevant vault entries.

I’m not sure why it would be such a big inconvenience to just use the Auto-fill and Save option to add the required URLs one at a time as they are encountered.

The problem with your suggestion is that I would be accessing the same service on the same port across several different URLs. localhost, hostname.local, public.url, as well as internal and external IPs. If I could add an entry and change the match detection to “port” once, that would be great. But I end up having half a dozen URIs that I have to change the detection method to “host” on each time, not to mention having to manually search whatever service in bitwarden and “autofill and save” each time I access it a different way.

It’s a very first world problem, I’m fine to admit, but I also think it’s an easy enough solution.

My point is, you only need to do this once per URL. And the more you do it, the less necessary it will become.

How are you currently logging in to these services? Since you’re having trouble with matching, I assume that you already have to do a vault search. And then what? Copying & pasting? Or clicking the Auto-fill button that is right above the Auto-fill and Save button?

I have a bunch of self hosted services at

http :// raspberry.local:1000
http :// raspberry.local:1001
http :// raspberry.local:1002
http :// raspberry.local:1003

And HOST only detects those saved as http :// raspberry.local without any port. If I click auto fill and save, it saves them without the port. What OP and myself would like is for BitWarden to differentiate between 1001, 1002, 1003, 1004 automatically and offer the appropriate password.

Check out regular-expression matching and equivalent domains. Either should accomplish your goal, with equivalent domains being the better approach.

That is not how it is supposed to work. You are putting the port number into the URL field, right?

I know how it’s supposed to work, but it’s not working and its super frustrating.

I’m using Bitwarden Version: 2024.4.1 (10283)

And Firefox (Android) Nightly 2024-05-17T03:26:59.244120172

Recently, Firefox took to only showing the domain name in the URL bar, could that be the cause of the issue? The full URI is there when you copy the URL, but it only displays the domain on the screen.

I would suggest reporting this as an Issue on GitHub. There is a possibly related issue with local domains already reported here:

 

The above issue was also discussed previously on the Community Forum, here:

Filed: Host Autofill doesn't work as it should · Issue #9329 · bitwarden/clients · GitHub

I just tried this myself, and HOST matches the port as well. It differentiates your example URLs perfectly well. Maybe the match name HOST is a bit misleading, but it all works as intended

With Firefox for Android?