ABE blocks local dev enviroment
ABE blocks local dev enviroment
Hey guys,
I am having a little problem here with ABE.
My local apache configuration creates different virtual host which are all routed to 127.0.0.1 via host file.
Let's take this one for example: mastery.local
Pretty much all the time the site is working without any problems and ABE enabled.
Then after some while, maybe after changing the WLAN, which should not affect the configuration at all, because it stays the same, all the css and javascript files of the site are blocked.
I tried to enable and disabled modules in Firefox and came to the conclusion that NoScript is the problem here.
I tried to tweak the settings of NoScript to make the site work properly again and then found out that if I deactivate ABE completly there is not problem anymore.
Since I do not want to disable ABE completly, I tried to make a special config for mastery.local which looked like this:
Site mastery.local
Accept ALL from LOCAL
I inserted it But..it did not work.
What am I doing wrong?
I can not figure that one out.
I hope you can help me.
Kind regards
func0der
I am having a little problem here with ABE.
My local apache configuration creates different virtual host which are all routed to 127.0.0.1 via host file.
Let's take this one for example: mastery.local
Pretty much all the time the site is working without any problems and ABE enabled.
Then after some while, maybe after changing the WLAN, which should not affect the configuration at all, because it stays the same, all the css and javascript files of the site are blocked.
I tried to enable and disabled modules in Firefox and came to the conclusion that NoScript is the problem here.
I tried to tweak the settings of NoScript to make the site work properly again and then found out that if I deactivate ABE completly there is not problem anymore.
Since I do not want to disable ABE completly, I tried to make a special config for mastery.local which looked like this:
Site mastery.local
Accept ALL from LOCAL
I inserted it But..it did not work.
What am I doing wrong?
I can not figure that one out.
I hope you can help me.
Kind regards
func0der
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: ABE blocks local dev enviroment
Just put the following rule at the very beginning of the SYSTEM ruleset:
Code: Select all
Site mastery.local
Accept
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: ABE blocks local dev enviroment
Thanks for your answer.
So what you are saying is, that I can not overwrite the "system" set with the "user" set?
So what you are saying is, that I can not overwrite the "system" set with the "user" set?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: ABE blocks local dev enviroment
That's correct - and that is the reason for having separate rulesets. You can write whatever rules you want in the USER ruleset without affecting SYSTEM. Requests will be passed through each ruleset, and if any ruleset blocks them, then they are blocked.func0der wrote: So what you are saying is, that I can not overwrite the "system" set with the "user" set?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: ABE blocks local dev enviroment
So to summarize things:
You can not UNBLOCK things, that have been blocked before by a global rule.
By global rules I mean rules using placeholders like LOCAL.
You have to unblock them before you are using a global rule. The global url will then apply to every url EXCEPT the ones excluded before by a special rule.
This means as a basic rule you can say: From Special to global.
Maybe I overread that information in the documentation?
Either way, this seems kind of a bug to me. I now think, that the changing of the wifi has caused all this.
I found that little checkbox in ABE which is called "WAN-IP (...) equals LOCAL".
I do not know how that is exactly handled by Firefox and NoScript, but here are my thoughts.
Following situation:
Wifi 1 -> IP 1 (initial IP)
Wifi 2 -> IP 2
The initial IP gets cached by Firefox and NoIP. That means that IP 1 is used in ABE as the WAN IP.
If I change to Wifi 2 and get IP 2 Firefox still works for some seconds. After a full reload (without caching) the css and js is gone.
Firefox has recognized the new IP, but NoScript has not.
The WAN IP in the ABE settings does not change until I uncheck the box, close the settings dialog, reopen and recheck the box again and close it again.
But even after that the css and js does not load again.
Seems like the ruleset is not refreshed.
Strange behaviour, isn't it.
func0der
You can not UNBLOCK things, that have been blocked before by a global rule.
By global rules I mean rules using placeholders like LOCAL.
You have to unblock them before you are using a global rule. The global url will then apply to every url EXCEPT the ones excluded before by a special rule.
This means as a basic rule you can say: From Special to global.
Maybe I overread that information in the documentation?
Either way, this seems kind of a bug to me. I now think, that the changing of the wifi has caused all this.
I found that little checkbox in ABE which is called "WAN-IP (...) equals LOCAL".
I do not know how that is exactly handled by Firefox and NoScript, but here are my thoughts.
Following situation:
Wifi 1 -> IP 1 (initial IP)
Wifi 2 -> IP 2
The initial IP gets cached by Firefox and NoIP. That means that IP 1 is used in ABE as the WAN IP.
If I change to Wifi 2 and get IP 2 Firefox still works for some seconds. After a full reload (without caching) the css and js is gone.
Firefox has recognized the new IP, but NoScript has not.
The WAN IP in the ABE settings does not change until I uncheck the box, close the settings dialog, reopen and recheck the box again and close it again.
But even after that the css and js does not load again.
Seems like the ruleset is not refreshed.
Strange behaviour, isn't it.
func0der
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0
Re: ABE blocks local dev enviroment
It works like this: a request is tested against each rule in the SYSTEM ruleset until one matches. Then the rule action (Anonymize, Deny, etc) is applied. Then, if the action was not Deny, it is tested against each rule in the USER ruleset until one matches, and that action is applied.func0der wrote:So to summarize things:
You can not UNBLOCK things, that have been blocked before by a global rule.
So, if a request reaches the built-in rule, it gets denied and it's game over. You need to put a rule above that one to match the request and allow it. Or perhaps Anonymize it, if it's just pulling styles and JavaScript.
Any messages from ABE in the Browser Console (Ctrl+Shift+J) when this occurs?The initial IP gets cached by Firefox and NoIP. That means that IP 1 is used in ABE as the WAN IP.
If I change to Wifi 2 and get IP 2 Firefox still works for some seconds. After a full reload (without caching) the css and js is gone.
Firefox has recognized the new IP, but NoScript has not.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: ABE blocks local dev enviroment
Console says:
Code: Select all
[ABE] <LOCAL> Deny on {GET http://mastery.local/node/186573/edit <<< http://mastery.local/gallon-of-rum - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: ABE blocks local dev enviroment
This means that at the time of the request, Firefox has already DNS-resolved "mastery.local" at least to one LAN and one WAN (external) IP, and therefore "thinks" you're subject to a DNS-pinning attack.func0der wrote:Console says:Code: Select all
[ABE] <LOCAL> Deny on {GET http://mastery.local/node/186573/edit <<< http://mastery.local/gallon-of-rum - 6} SYSTEM rule: Site LOCAL Accept from LOCAL Deny
In order to work around, you just need to insert
Code: Select all
Site master.local
Accept
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: ABE blocks local dev enviroment
How should that be possible, if in my /etc/hosts it say:
How would mastery.local become an external ressource for firefox?
Code: Select all
127.0.0.1 mastery.local
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: ABE blocks local dev enviroment
What does your DNS say?func0der wrote:How should that be possible, if in my /etc/hosts it say:
How would mastery.local become an external ressource for firefox?Code: Select all
127.0.0.1 mastery.local
Could you use dig or a similar utility to discover it?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: ABE blocks local dev enviroment
My similar utility was "ping". Hope this is okay?
In both wlans I get the correct resolution to 127.0.0.1.
In both wlans I get the correct resolution to 127.0.0.1.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: ABE blocks local dev enviroment
A name can resolve to multiple IPs, and this looks to be the case. You can't find about multiple IPs by using ping, you need either nslookup or dig.func0der wrote:My similar utility was "ping". Hope this is okay?
In both wlans I get the correct resolution to 127.0.0.1.
Otherwise you can try running the following line in Firefox's Browser Console (ctrl+shift.J):
Code: Select all
noscriptOverlay.ns._e(function() DNS).resolve("mastery.local", 0, function(r) alert(r && r.toSource()))
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: ABE blocks local dev enviroment
I flushed the DNS cache after changing the WLAN and before running the commands.
I used "DNS Flusher 3.0.1" (http://www.coders.com.br/dns-flusher).
Wlan 1:
({ts:1390564779064, entries:["127.0.0.1", "fe80::225:4bff:fe03:ffde"], expireTime:1390564839064, refreshing:true})
Wlan 2:
({ts:1390564591881, entries:["127.0.0.1", "fe80::225:4bff:fe03:ffde"], expireTime:1390564651881, refreshing:true})
I used "DNS Flusher 3.0.1" (http://www.coders.com.br/dns-flusher).
Wlan 1:
({ts:1390564779064, entries:["127.0.0.1", "fe80::225:4bff:fe03:ffde"], expireTime:1390564839064, refreshing:true})
Wlan 2:
({ts:1390564591881, entries:["127.0.0.1", "fe80::225:4bff:fe03:ffde"], expireTime:1390564651881, refreshing:true})
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: ABE blocks local dev enviroment
May I look at your /etc/hosts file?
Could you add it a
line?
Could you add it a
Code: Select all
::1 mastery.local
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: ABE blocks local dev enviroment
Added it.
Here is my /etc/hosts
Here is my /etc/hosts
Code: Select all
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
::1 mastery.local
127.0.0.1 mastery.local # MAMP PRO - Do NOT remove this entry!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0