ABE and WD My Cloud

Discussions about the Application Boundaries Enforcer (ABE) module
notyetanotherid

ABE and WD My Cloud

Post by notyetanotherid » Wed Jun 18, 2014 11:47 am

Western Digital My Cloud is a NAS device accessible from the internet, via wd2go.com.

If on my local network I go to www.wd2go.com, login, and select my NAS device and then click on 'View Shares', ABE blocks the request:
[ABE] <LOCAL> Deny on {GET http://192.168.1.68/LandingPage?deviceU ... c900e03954 <<< https://www.wd2go.com/deviceLanding.do?displayId=138, https://www.wd2go.com/getDevicesInternal.do# - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

If I add an ABE system rule at the start:
Site 192.168.1.68
Accept GET

it works fine; obviously I don't want such a general rule, but:
Site 192.168.1.68
Accept GET from wd2go.com

fails, as do variations on the URL. What am I doing wrong?
Mozilla/5.0 (Windows NT 5.1; rv:29.0) Gecko/20100101 Firefox/29.0

barbaz
Senior Member
Posts: 9344
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE and WD My Cloud

Post by barbaz » Wed Jun 18, 2014 2:45 pm

Code: Select all

Site 192.168.1.68
Accept GET from .wd2go.com

you were missing the leading dot needed to specify that you want subdomains of "wd2go.com" also

really, best practice would be this more restrictive exception

Code: Select all

Site 192.168.1.68
Accept GET from https://www.wd2go.com/
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:30.0) Gecko/20100101 Firefox/30.0 SeaMonkey/2.27a2

notyetanotherid

Re: ABE and WD My Cloud

Post by notyetanotherid » Wed Jun 18, 2014 10:06 pm

Unfortunately both of those versions cause the button click action to get denied by the LOCAL rule as per previously.

I am sure that I am missing something obvious ...
Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0

barbaz
Senior Member
Posts: 9344
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE and WD My Cloud

Post by barbaz » Wed Jun 18, 2014 10:41 pm

Weird...

Just to verify, is the error message in the Browser Console the same as in your OP if you add either of my exceptions?
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux i686; rv:33.0) Gecko/20100101 Firefox/33.0 SeaMonkey/2.30a1

notyetanotherid

Re: ABE and WD My Cloud

Post by notyetanotherid » Thu Jun 19, 2014 2:12 pm

Yes. Just done it now with the leading dot version and this is the console output:
Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0

barbaz
Senior Member
Posts: 9344
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE and WD My Cloud

Post by barbaz » Thu Jun 19, 2014 2:45 pm

Try

Code: Select all

Site 192.168.1.68
Accept GET from 192.168.1.68 https://www.wd2go.com/
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:30.0) Gecko/20100101 Firefox/30.0 SeaMonkey/2.27a2

notyetanotherid

Re: ABE and WD My Cloud

Post by notyetanotherid » Fri Jun 20, 2014 1:06 pm

Perfect! Thanks.
Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0

barbaz
Senior Member
Posts: 9344
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE and WD My Cloud

Post by barbaz » Fri Jun 20, 2014 3:26 pm

Glad we got this resolved, but could someone please explain to me why 192.168.1.68 isn't LOCAL in that last situation? Thanks in advance.
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: ABE and WD My Cloud

Post by Thrawn » Sat Jun 21, 2014 1:53 am

Giorgio could answer best, but my $0.02 is that ABE is funny about redirects. It's not that the IP address is not LOCAL; it's that the combination of IP address and wd2go.com needs to be specifically allowed on its own line.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0

Post Reply