Per-content-type rules?

Discussions about the Application Boundaries Enforcer (ABE) module

Post by barbaz »

Just happened upon http://forums.informaction.com/viewtopi ... 578#p38099, and according to that post it should be possible to make ABE rules that only apply to specific content types. However, that isn't working for me. For example,

    Site java-vm@*.*
    Deny

doesn't block any Java applets here.
Is this a removed feature? If not, could someone please explain how to use it?

Re: Per-content-type rules?

Post by Giorgio Maone »

Unfortunately that information was incorrect, probably based on confusion between embedded content blocking and ABE, which are separate and very different mechanisms.
More specifically, ABE knows almost nothing about content types, besides hints provided by the loader, and therefore nothing reliable and usable, because ABE blocking happens before the request is initiated, since its intended scope is preventing CSRF: in fact, once the request is sent and the content-type is ultimately known, CSRF already happened.
The syntax in that example has never been implemented, documented or even planned.