ABE rules triggering messages for some rules

[access2godzilla]

I have the following rules in ABE:

Code: Select all

Site .googlesyndication.com .google-analytics.com .adzerk.net .scorecardreasearch.com cdn-careers.sstatic.net .quantserve.com .chartbeat.com .2mdn.net .revsci.net .criteo.com .krxd.net .amazon-adsystem.com .doubleclick.net .adobetag.com .fbcdn.net .peer39.net demdex.net .adsonar.com .crwdcntrl.com .2o7.net .omtrdc.net .troveread.com .mathtag.com .parsely.com
Deny

Site .reddit.com .stumbleupon.com .twitter.com
Accept from SELF
Deny

Site .google.com
Accept from .youtube.com .blogspot.com
Accept from SELF
Deny

On this page: http://arstechnica.com/information-technology/2014/01/bitrot-and-atomic-cows-inside-next-gen-filesystems/ , if I scroll down to the end, I get this:

Code: Select all

Request {GET hxxp://www. reddit. com / static/ button /button3. html ? (snipped due to spam filter) - 7} filtered by ABE: < .reddit.com .stumbleupon.com .twitter.com> Deny

I know that I can turn off ABE notifications, but why does this specific rule generate a message?

[Thrawn]

Can you send the whole message to a moderator via private message?

The second rule restricts reddit to receive requests only from itself, which may be your problem.

[access2godzilla]

On www.washingtonpost.com I get:
http://i.imgur.com/2BrPxYe.png

On the Ars link posted above I get:
http://i.imgur.com/rzNxY6e.png

[barbaz]

Script permission status of those sites?
Could you please post also the messages in the Browser Console?

[access2godzilla]

Scripts globally allowed, no sites in untrusted. All other settings are same as the defaults.

I can't post anything from the browser console here due to the spam filter, but the general structure is:

Code: Select all

[ABE] <<site>> <action> on {<request type> <url> <<< <document> - <number>}
USER rule:
<ruleset>

To see what is actually generated, you can put in my rules.

Just to clarify, my question is, why would some specific rules generate a message while others do not?

[barbaz]

OK, reproduced. Unfortunately the washingtonpost message got lost, but here's the reddit one with irrelevant parts snipped:

Code: Select all

[ABE] <.reddit.com .stumbleupon.com .twitter.com> Deny on {GET http://www.reddit.com/ [ ETC ] <<< (snip) arstechnica (snip) - 7}
USER rule:
Site .reddit.com .stumbleupon.com .twitter.com
Accept from SELF
Deny

Note the number 7:

TYPE_SUBDOCUMENT 7 Indicates a document contained within another document (for example, IFRAMEs, FRAMES, and OBJECTs).

Looks like the notification is firing for iframes, even though it's not supposed to: (emphasis added by me)

If ACTION is Deny and the blocked request is targeted to a *top-level* window, an user-facing notification is also issued, with an Options button which lands directly in the ABE configuration panel.

[SeanM]

While tinkering with doubleclick.net in ABE, I ran into the subject matter of this thread. To wit, the following is displayed at the top of the display:

Code: Select all

[ABE] <.doubleclick.net> Deny on {GET http://3687047.fls.doubleclick.net/activityi;src=3687047;type=retar754;cat=retar424;ord=1856690113655.9634? <<< http://www.classmates.com/places/school/West-High-School/25?startYear=1963&endYear=1969&type=registration - 7} filtered by ABE: <.doubleclick,net> Deny

The associated USER rule:

Code: Select all

Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm
Accept from .americanexpress.com
Accept from .nysaves.org
Accept from .pandora.com
Deny

I have checked "iFrame" under "Embeddings". After I parsed out the message (above), I added "Deny INCLUSION" to the ABE rule, to read:

Code: Select all

Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm
Accept from .americanexpress.com
Accept from .nysaves.org
Accept from .pandora.com
Deny INCLUSION
Deny

The message to the display no longer appears, rather logs correctly (and only) to the Error Console. Is the behavior correct, or is NoScript diplaying the error regardless of the "Notifications" settings ?

[barbaz]

I have checked "iFrame" under "Embeddings".

Apparently, this bug also applies to <frame> elements.

The message to the display no longer appears, rather logs correctly (and only) to the Error Console. Is the behavior correct, or is NoScript diplaying the error regardless of the "Notifications" settings ?

NoScript does correctly obey the ABE notification setting. The problem is that it's not correctly identifying whether a window is top-level, so it's erroneously firing the notification.
I suppose what's going on might be that when it's hitting "Deny INC", it *knows* that the blocked resource isn't displayed as a top-level window, so it doesn't fire the notification.


(Side note: For performance reasons, I suggest you edit your ABE rule to look like this:

Code: Select all

Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm .americanexpress.com .nysaves.org .pandora.com
Deny INCLUSION
Deny

)

[Giorgio Maone]

The problem is that it's not correctly identifying whether a window is top-level, so it's erroneously firing the notification.
I suppose what's going on might be that when it's hitting "Deny INC", it *knows* that the blocked resource isn't displayed as a top-level window, so it doesn't fire the notification.

Investigating, thanks.

[Guest]

(Side note: For performance reasons, I suggest you edit your ABE rule to look like this:

Code: Select all
Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm .americanexpress.com .nysaves.org .pandora.com
Deny INCLUSION
Deny

And what this?

Code: Select all

Site .doubleclick.net
    Accept from SELF++
    *.last.fm .americanexpress.com .nysaves.org .pandora.com
    Deny INCLUSION
    Deny