ReporterX wrote:it is just a normal rule container which is named "SYSTEM" only.
That.
The only way in which it's "special" is that if you don't modify it, and if Giorgio changes its default value in a NoScript update, you would get those changes. But that hasn't yet happened in the 2 & 1/2 or so years I've used NS.
ReporterX wrote:Oh I see. I thought the "match and stop" depended on the order of the rules.
It does. If you had the following rule instead:
Code: Select all
Site .informaction.com
Deny INCLUSION
Accept INCLUSION(IMAGE) from .informaction.com
Accept INCLUSION(CSS) from .informaction.com
the Accept clauses would effectively be ignored, so no non-top-level request to informaction would load. Also, if e.g. you modified the SYSTEM rule like this:
Code: Select all
Site http://192.168.100.1/
Accept from https://fooserv.er
Site LOCAL
Accept from LOCAL
Deny
any requests the fooserver makes to 192.168.100.1 would be Allowed, assuming that fooserv.er is external (meaning, not being accessed by a private IP address on your local subnet or otherwise counted as part of LOCAL). But if you flip the order (put the fooserver exception after the default rule), then requests to 192.168.100.1 from fooserver would be blocked by the default SYSTEM rule.
ReporterX wrote:barbaz wrote:Also, don't put comments on the same line as rules (I've had bad experience with that)
What bad experience?
I think it tried to treat the comment as another Site to match, and invalidated the whole ruleset because Sites can't start with a #, or something like that.