Regex and Ping

Discussions about the Application Boundaries Enforcer (ABE) module
Post Reply
ReporterX
Senior Member
Posts: 74
Joined: Mon Sep 15, 2014 11:46 pm

Regex and Ping

Post by ReporterX »

Newbie ABE learner

1. Must I need to use ^ sign to declare a regex URI pattern? In other words, any regex must start with ^ sign. True?

2. Could I use more than 1 method in the same rule, like what you can do with resource

3. Method: PING
A webserver can send PING request to us?
I thought PING request is sent by the user (to the webserver) to test the availability of the webserver.
What is the implication of privacy of security if I don't block it? Should we block it?

Thanks a lot. :)
Firefox 37.0.2, NoScript 2.6.9.22
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Top
barbaz
Senior Member
Posts: 10847
Joined: Sat Aug 03, 2013 5:45 pm

Re: Regex and Ping

Post by barbaz »

ReporterX wrote:1. Must I need to use ^ sign to declare a regex URI pattern? In other words, any regex must start with ^ sign. True?
yes, at least in most cases. It's best to always do that.
ReporterX wrote:2. Could I use more than 1 method in the same rule, like what you can do with resource
Yes
ReporterX wrote:3. Method: PING
A webserver can send PING request to us?
I thought PING request is sent by the user (to the webserver) to test the availability of the webserver.
What is the implication of privacy of security if I don't block it? Should we block it?
This PING is

Code: Select all

<a ping="...
which will send the site(s) listed in the ping attribute, a short message saying that you clicked that hyperlink.
I think it's blocked by default in the browser, so you don't need to worry about it.
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Windows NT 5.1; rv:32.0) Gecko/20100101 Firefox/32.0 SeaMonkey/2.29
Top
ReporterX
Senior Member
Posts: 74
Joined: Mon Sep 15, 2014 11:46 pm

Re: Regex and Ping

Post by ReporterX »

barbaz wrote:
ReporterX wrote:1. Must I need to use ^ sign to declare a regex URI pattern? In other words, any regex must start with ^ sign. True?
yes, at least in most cases. It's best to always do that.
I tested it some time ago today.
It appears NoScript fails to recognize if I don't put ^ in front of the regex pattern.
Not that you have a choice. It is required.

barbaz wrote:
ReporterX wrote:3. Method: PING
A webserver can send PING request to us?
I thought PING request is sent by the user (to the webserver) to test the availability of the webserver.
What is the implication of privacy of security if I don't block it? Should we block it?
This PING is

Code: Select all

<a ping="...
which will send the site(s) listed in the ping attribute, a short message saying that you clicked that hyperlink.
I think it's blocked by default in the browser, so you don't need to worry about it.
I see.
Yup it seems to be. <a> ping request is ignored by default since 2008.
http://kb.mozillazine.org/Browser.send_pings

Thanks a lot. :)
Firefox 37.0.2, NoScript 2.6.9.22
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Top
Post Reply

Return to “ABE”