Re: How to add ABE exception for LOCAL?
Posted: Fri Feb 05, 2016 4:34 pm
So how does it know that a certain IP is on my LAN?
NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/
Lucas Malor wrote:Maybe ABE could use WebRTC to know local IP address:
xheralt, your only other posts on this forum that were replied to are in viewtopic.php?f=23&t=2115. Tell me, which response from that thread are you paraphrasing?xheralt wrote:Okay, I had this issue some years ago, and received a very unsatisfactory response from the forum, which I will paraphrase as "Oh, you just write an exception for it the same way you would for any firewall rule...".
My www access is sporadic and depends on public wifi, which is why it's taken me this long to respond.barbaz wrote:xheralt, your only other posts on this forum that were replied to are in viewtopic.php?f=23&t=2115. Tell me, which response from that thread are you paraphrasing?xheralt wrote:Okay, I had this issue some years ago, and received a very unsatisfactory response from the forum, which I will paraphrase as "Oh, you just write an exception for it the same way you would for any firewall rule...".
Code: Select all
# Prevent Internet sites from requesting LAN resources.
Accept from http://10.0.0.1
Site LOCAL
Accept from LOCAL
Deny
Ah, thanks. Yeah, that must be it, one Mod used to delete "go-round" type threads here. He's no longer forum staff and we don't delete such threads anymore.xheralt wrote:My www access is sporadic and depends on public wifi, which is why it's taken me this long to respond.
There was another go-round before that; the thread waseither locked ordeleted.
I just remembered, I might be able to save you something else too. I actually happen to have an exception in my own SYSTEM ruleset for the same type of access point as you encountered in the other thread. Maybe having that in full could help in this case.xheralt wrote:So you've saved me from having to ask "what next"?
Code: Select all
# ******* WiFi haxx
Site .nnu.com
Accept
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
Code: Select all
Site .site1.com .site2.com .site3.com
Accept
Code: Select all
Site 10.0.0.1 1.1.1.1
Accept
Barbaz, I went and created an account just so I could reply and say yes, this helps immensely. (Also, thanks to those had provided earlier clues but barbaz provided a concise solution AND explained why it gets entered that way.) I had been in situations similar to xheralt's previously and couldn't figure it out, so disabling ABE temporarily to get past the issue was the solution I used. Suddenly this week I've run into ABE blocking when trying to access a resource in my corporate LAN.barbaz wrote: Does that help?
Code: Select all
[ABE] < LOCAL> Deny on {GET http://somehost:8410/ui <<< http://somehost:8410/, moz-nullprincipal:{b22da868-f242-41c9-b93d-007297b56933} - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny