blocking cloudfront


Re: blocking cloudfront

by Thrawn » Mon Nov 25, 2013 11:30 pm

As therube said, there shouldn't be any need to block cloudfront specifically. It's blocked by default, like everything else.

Even if you use Scripts Globally Allowed mode, you can still mark cloudfront.net as Untrusted.

What more do you need?

Re: blocking cloudfront

by barbaz » Mon Nov 25, 2013 9:22 pm

bobblinkyo wrote:
--What experiences have you made that suggests that this is a bad idea??

Try listening to any radio stream on tunein.com - you'll find that it requires cloudfront.net allowed (both script & requests).
Also, on bitbucket (and many other sites) everything is totally messed up (mainly CSS) without allowing requests to cloudfront.net.

Best practice with cloudfront.net is to script-allow subdomains as needed, otherwise leave it alone. You could additionally block it as I suggested above but if you do that, expect to be adding exceptions for some sites.

Re: blocking cloudfront

by bobblinkyo » Mon Nov 25, 2013 8:58 pm

@barbaz
As someone who tried to do the same thing, I can tell you that this is a bad idea unless you really know what you're doing and you're prepared for many sites to not work.

Well, I don't want to make a lot of trouble for myself, but up to now, by allowing NoScript to block cloudfront, I have not noticed anything broken about the websites visited.

--What experiences have you made that suggests that this is a bad idea??

TIA

Re: blocking cloudfront

by bobblinkyo » Mon Nov 25, 2013 8:55 pm

therube wrote:If NoScript is running, & at its defaults, JavaScript is blocked from all sites not specifically Allowed (there are some sites defaulted to Allow).

So unless you specifically allow cloudfront.*, JavaScript is blocked from those sites.

And if you have not done that, then there is nothing more for you to do.

Thanks for the tip. NoScript is running and cloudfront is being blocked, but when I see the yellow bar at the bottom of the browser appear, then I always check to see which scripts are allowed to run. This to ensure that I have complete functionality of the website (but without the malware). Blocking cloudfront completely is just a convenience for me.

Re: blocking cloudfront

by barbaz » Mon Nov 25, 2013 8:14 pm

As someone who tried to do the same thing, I can tell you that this is a bad idea unless you really know what you're doing and you're prepared for many sites to not work. But if you really want to block cloudfront.net with NoScript, try this:
Add the following rule to your USER ABE ruleset, on top:

Code:

Site .cloudfront.net
# this is where an Accept line would go should you decide to allow cloudfront on a per-site basis
Deny

For cloudfront.*, use this instead:

Code:

Site ^[A-Za-z-]+://(?:[^:/]+\.)?cloudfront\.[^\.]+[^0-9A-Za-z_\.%-]
Deny
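
To see what the two Site patterns in the post above would and would not cover, here is an added example (not part of the thread and not NoScript's own code) that runs both against constructed URLs. It assumes that `.cloudfront.net` covers the domain and all of its subdomains, and that a `^...` pattern is applied as a regex search on the full URL; the function names and sample hostnames are made up for illustration.

```javascript
// Added example, not from the thread. The pattern is copied verbatim from the
// second ABE rule in the post above.
const ABE_REGEX = new RegExp(
  String.raw`^[A-Za-z-]+://(?:[^:/]+\.)?cloudfront\.[^\.]+[^0-9A-Za-z_\.%-]`
);

// Assumption: a leading-dot Site pattern covers the domain itself and every subdomain.
function dotRuleMatches(url, rule = ".cloudfront.net") {
  const host = new URL(url).hostname.toLowerCase();
  return host === rule.slice(1) || host.endsWith(rule);
}

// Assumption: a "^..." Site pattern is searched against the full request URL.
function regexRuleMatches(url) {
  return ABE_REGEX.test(url);
}

// Constructed sample URLs (all hostnames are made up).
const SAMPLES = [
  "https://d1234example.cloudfront.net/player.js",     // typical CDN subdomain
  "https://cloudfront.net/",                           // bare domain
  "http://a.b.cloudfront.net:8080/x.css",              // nested subdomain with port
  "https://assets.cloudfront.example/app.js",          // other suffix: cloudfront.*
  "https://evilcloudfront.net/x.js",                   // look-alike label
  "https://cloudfront.net.example.com/x.js",           // look-alike prefix
  "https://example.com/r?u=https://x.cloudfront.net/", // name only in the query string
  "https://cdn.cloudfront.co.uk/x.js",                 // two-label suffix
];

// Returns one verdict per URL for each of the two rules.
function evaluate(urls = SAMPLES) {
  return urls.map((url) => ({
    url,
    dotRule: dotRuleMatches(url),
    regexRule: regexRuleMatches(url),
  }));
}

console.log(".net   .*     URL");
for (const r of evaluate()) {
  const cell = (hit) => (hit ? "Deny " : "-    ");
  console.log(`${cell(r.dotRule)}  ${cell(r.regexRule)}  ${r.url}`);
}
```

In this run the regex rule also denies the constructed `cloudfront.example` host that the `.cloudfront.net` rule leaves alone, but it does not reach a two-label suffix such as `cloudfront.co.uk`. Neither rule matches the look-alike hosts or a URL that only mentions cloudfront.net in its query string.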

Re: blocking cloudfront

by therube » Mon Nov 25, 2013 8:12 pm

If NoScript is running, & at its defaults, JavaScript is blocked from all sites not specifically Allowed (there are some sites defaulted to Allow).

So unless you specifically allow cloudfront.*, JavaScript is blocked from those sites.

And if you have not done that, then there is nothing more for you to do.

blocking cloudfront

by bobblinkyo » Mon Nov 25, 2013 8:00 pm

Since I am not familiar with regex, can someone show me how to configure noscript (currently 2.6.8.5 on my Linux box) to automatically disallow any URL ending in cloudfront.net (or cloudfront.*)?

Thanks in advance,
