facebook rule not correct?

Discussions about the Application Boundaries Enforcer (ABE) module

Post by bege »

Hi,
I have this ABE rule for facebook:

```
# facebook rule
# This rule allows Facebook scripts objects and frames to be included only
# from Facebook pages and apps
Site .facebook.com .fbcdn.net .facebook.net
Accept from .facebook.com .fbcdn.net .facebook.net
Deny INCLUSION
```

Nevertheless connect.facebook.net is allowed on here.com after you click on route planning, according to the button menu of NS.
Is this due to the respective surrogate script or is something wrong with my ABE rule?
If it is due to the surrogate script, how can I distinguish between an allowed URL and a blocked one that has a surrogate script?

Thank you.

Re: facebook rule not correct?

Post by GµårÐïåñ »

There is nothing wrong with the ABE rule. The fact is that for the ABE rule to do its job, those domains listed in the ABE rule need to be allowed on the NS portion of the interface so they go through to the ABE to be processed. If they are not allowed on the NS side, they never make it to ABE. So that's why NS will always show them allowed and should. It's ABE that controls the behavior beyond that. You can test it to make sure ABE is working by using the NETWORK monitor portion of the Dev Tools built into the browser, or use a third-party site to check functionality.

Re: facebook rule not correct?

Post by Thrawn »

You should also be able to see the ABE messages in the Error Console (Ctrl+Shift+J, or Firefox Tools > Web Developer > Error Console).

Re: facebook rule not correct?

Post by bege »

Thrawn wrote:
> You should also be able to see the ABE messages in the Error Console (Ctrl+Shift+J, or Firefox Tools > Web Developer > Error Console).

Thank you, that's helpful.
With the INCLUDE option in the rule, the error console shows messages relating to the facebook website; without INCLUSION it shows an ABE message that facebook has been blocked. That means that the INCLUSION option allows facebook on here.com (and probably any other website).
To be honest, I don't really understand that option. I only found out that opening a link to a site that is blocked with ABE is not possible without the INCLUDE option.
For instance: ebay URLs are only allowed on ebay. That doesn't allow opening an ebay link on google search results. With the INCLUDE option it is possible.
But unfortunately it seems to allow any website to open the URL.
I have read the explanation of the INCLUDE option several times and still don't understand what it is meant for.

Is there a way to block URLs with ABE but allow opening links to that URL?

Re: facebook rule not correct?

Post by Thrawn »

bege wrote:
> I have read the explanation of the INCLUDE option several times and still don't understand what it is meant for.

It allows you to control the inclusion of objects from a site. As you've discovered, it doesn't control links.

This rule means 'Block every attempt to send a request to Facebook':

```
Site .facebook.com
Deny
```

But this rule means 'Block every attempt to import scripts, Flash, stylesheets, etc, from Facebook':

```
Site .facebook.com
Deny INCLUSION
```

So, using INCLUSION makes the rule narrower.

> Is there a way to block URLs with ABE but allow opening links to that URL?

I don't understand. If you want to allow links, what do you mean by 'block URLs'?

You could try something like this for your eBay search results:

```
Site .ebay.com
Accept from SELF++
Anon GET from .google.com
Deny
```

'Anon GET from .google.com' means: 'Allow Google to send GET requests to eBay, but strip all authentication, cookies, and HTTP payload from those requests'. That's enough to allow links, but strip pretty much everything else.
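The three rules from the post above, run through a simplified model of ABE matching. This is an added example, not part of the original thread and not NoScript's own code. It assumes the first matching predicate decides, approximates SELF++ as "same last two host labels", treats a request as either an inclusion or a plain link, and uses constructed requests.

```javascript
// Simplified model of ABE matching (assumption, not NoScript's code): the
// first predicate that matches under the first matching Site line decides.
const baseDomain = h => h.split('.').slice(-2).join('.'); // crude stand-in for SELF++

function hostMatches(pattern, host, dest) {
  if (pattern === 'SELF++') return baseDomain(host) === baseDomain(dest);
  if (pattern.startsWith('.')) // ".ebay.com" covers ebay.com and its subdomains
    return host === pattern.slice(1) || host.endsWith(pattern);
  return host === pattern;
}

function parseRules(text) {
  const rules = [];
  for (const line of text.split('\n').map(l => l.trim())) {
    if (!line || line.startsWith('#')) continue;
    const [head, ...rest] = line.split(/\s+/);
    if (head === 'Site') { rules.push({ sites: rest, predicates: [] }); continue; }
    if (!rules.length) throw new Error('predicate before Site: ' + line);
    const fromAt = rest.indexOf('from');
    rules[rules.length - 1].predicates.push({
      action: head,                                        // Accept, Anon, Deny
      methods: fromAt < 0 ? rest : rest.slice(0, fromAt),  // GET, INCLUSION, or none
      origins: fromAt < 0 ? [] : rest.slice(fromAt + 1),   // none = any origin
    });
  }
  return rules;
}

// req is constructed sample data: { origin, dest, method, inclusion }
function evaluate(rules, req) {
  for (const rule of rules) {
    if (!rule.sites.some(s => hostMatches(s, req.dest, req.dest))) continue;
    for (const p of rule.predicates) {
      const methodOk = p.methods.length === 0 || p.methods.some(m =>
        m === 'INCLUSION' ? req.inclusion : m === req.method);
      const originOk = p.origins.length === 0 ||
        p.origins.some(o => hostMatches(o, req.origin, req.dest));
      if (methodOk && originOk) return p.action;
    }
  }
  return 'Pass'; // no predicate matched: the request is left alone
}
const DENY_ALL = parseRules('Site .facebook.com\nDeny');
const DENY_INCLUSION = parseRules('Site .facebook.com\nDeny INCLUSION');
const EBAY = parseRules('Site .ebay.com\nAccept from SELF++\nAnon GET from .google.com\nDeny');

const link = { origin: 'www.google.com', dest: 'www.ebay.com', method: 'GET', inclusion: false };
console.log(evaluate(EBAY, link));                          // Anon
console.log(evaluate(EBAY, { ...link, method: 'POST' }));   // Deny
```
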

Re: facebook rule not correct?

Post by bege »

Thrawn wrote:
> I don't understand. If you want to allow links, what do you mean by 'block URLs'?
>
> You could try something like this for your eBay search results:
>
> ```
> Site .ebay.com
> Accept from SELF++
> Anon GET from .google.com
> Deny
> ```
>
> 'Anon GET from .google.com' means: 'Allow Google to send GET requests to eBay, but strip all authentication, cookies, and HTTP payload from those requests'. That's enough to allow links, but strip pretty much everything else.

That's what I meant. Thank you. And thank you for your explanation.