Blocking content with ABE?

Discussions about the Application Boundaries Enforcer (ABE) module
access2godzilla
Senior Member
Posts: 109
Joined: Sun May 20, 2012 5:09 pm

Blocking content with ABE?

Post by access2godzilla » Mon Jun 02, 2014 11:17 am

Is blocking of requests based on its content possible with ABE? I know that I can do this:

Code: Select all

Site ^https?://.*exe
Accept from .sourceforge.net .mozilla.org
Deny


But what I'm trying to do can be perhaps described like this:

Code: Select all

# Block executables
Content /MZ.*PE/
Accept from .sourceforge.net .mozilla.org
Deny


Of course it does not help with zipped files or XORed payloads and such, but I was just wondering if it could be done...
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36

barbaz
Senior Member
Posts: 9344
Joined: Sat Aug 03, 2013 5:45 pm

Re: Blocking content with ABE?

Post by barbaz » Mon Jun 02, 2014 1:24 pm

*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26

Post Reply