Page 1 of 3

How to add ABE exception for LOCAL?

Posted: Wed Jul 29, 2015 8:50 am
by Lucas Malor
I need to add an exception to LOCAL in ABE. I don't know why, but wifi that needs a web login does irritate ABE, that filter their requests.

I tried with:

Code: Select all

Site LOCAL
Accept from LOCAL
Accept from https://the.site.com
Deny


and with

Code: Select all

Site LOCAL
Accept from LOCAL
Accept from the.site.com
Deny


and with

Code: Select all

Site LOCAL
Accept from LOCAL
Accept from .the.site.com
Deny


and with

Code: Select all

Site LOCAL
Accept from LOCAL the.site.com
Deny


etcetera, but nothing. What's the correct way to add the exception?

Re: How to add ABE exception for LOCAL?

Posted: Wed Jul 29, 2015 5:10 pm
by barbaz
Moving to ABE.

We can't help you there without seeing the ABE message(s) from the Browser Console (Ctrl-Shift-J)...
(Preferably please test with the default SYSTEM ruleset.)

Re: How to add ABE exception for LOCAL?

Posted: Thu Jul 30, 2015 12:11 am
by Thrawn
It's pretty normal for captive WiFi to run into ABE, because you requested an external site, but the portal redirects you to a local address (their own) to log in.

Actually, if it weren't for the fact that this behavior is part of the terms and conditions of use, then it would qualify as an attack, hijacking your connection.

Anyway, as barbaz mentioned, we'd need to see which sites are trying to get involved, so that we know what exception(s) to add.

Re: How to add ABE exception for LOCAL?

Posted: Wed Feb 03, 2016 8:34 am
by Lucas Malor
I got another ABE exception:

Code: Select all

[ABE] <LOCAL> Deny on {GET http://ots1.cesi.lan/scm/resources/images/scm-logo.jpg <<< http://ots1.cesi.lan/scm/ - 3}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny


I have a lot of these messages. It's the site of the repository manager of our company, and I'm on the same net. I suppose this is the problem.
How can I add an exception?

PS: I recive no message from ABE via GUI if I access the URI directly. If I access the URI from another page, ABE complains.

Re: How to add ABE exception for LOCAL?

Posted: Wed Feb 03, 2016 4:07 pm
by barbaz
In this case, try:
NoScript Options > Advanced > ABE > SYSTEM, add at the very top

Code: Select all

Site ots1.cesi.lan
Accept from SELF+

Re: How to add ABE exception for LOCAL?

Posted: Wed Feb 03, 2016 5:08 pm
by Lucas Malor
It works. I have to put in SYSTEM rules, _before_:

Code: Select all

Site LOCAL
Accept from LOCAL
Deny


Can you explain me why? Furthermore, why that site was blocked? Is my previous assumption correct?

Re: How to add ABE exception for LOCAL?

Posted: Wed Feb 03, 2016 6:01 pm
by barbaz
The way to assess why the site is hitting ABE troubles is to do a DNS lookup of the site. Can you please post the output of running the following command in Terminal?

Code: Select all

dig ots1.cesi.lan


(I would suspect it resolves to both LOCAL and non-LOCAL addresses.)

Re: How to add ABE exception for LOCAL?

Posted: Wed Feb 03, 2016 6:13 pm
by Lucas Malor

Code: Select all

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> ots1.cesi.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 178
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;ots1.cesi.lan.         IN   A

;; ANSWER SECTION:
ots1.cesi.lan.      3600   IN   A   172.27.118.77

;; Query time: 14 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Feb 03 19:13:09 CET 2016
;; MSG SIZE  rcvd: 58

Re: How to add ABE exception for LOCAL?

Posted: Wed Feb 03, 2016 10:32 pm
by barbaz
Weird, that is only LOCAL... that really shouldn't be triggering the ABE rule to block it, especially not from itself.

Wonder if this is related to viewtopic.php?f=23&t=20795 ?

Re: How to add ABE exception for LOCAL?

Posted: Thu Feb 04, 2016 2:38 am
by Thrawn
Lucas Malor wrote:I have to put in SYSTEM rules...Can you explain me why?

Because if you use a different ruleset, or if you put it further down, then the SYSTEM rule will trigger and block the request, and ABE will stop examining further rules.

Furthermore, why that site was blocked? Is my previous assumption correct?

It's strange that it's blocking requests from itself to itself, like barbaz said. Might be a bug, or there might be something odd about the DNS resolution of that name.

Re: How to add ABE exception for LOCAL?

Posted: Thu Feb 04, 2016 9:43 am
by Lucas Malor
Are you sure it's LOCAL to LOCAL?

Code: Select all

marco@daneel:~$ ifconfig | grep -A 1 wlan1
wlan1     Link encap:Ethernet  HWaddr 10:08:b1:c8:72:fb 
          inet addr:172.27.102.138  Bcast:172.27.102.255  Mask:255.255.255.0
marco@daneel:~$ dig +short ots1.cesi.lan
172.27.118.77

Re: How to add ABE exception for LOCAL?

Posted: Thu Feb 04, 2016 5:09 pm
by barbaz
Well, that's what it looks like. Why do you think that terminal output maybe suggests otherwise?

Re: How to add ABE exception for LOCAL?

Posted: Thu Feb 04, 2016 11:39 pm
by Thrawn
Entering 172.27.118.77 into iplocation.net confirms that it is a local address.

Re: How to add ABE exception for LOCAL?

Posted: Fri Feb 05, 2016 10:03 am
by Lucas Malor
Well, because my net is 172.27.102.* and ots1.cesi.lan is on 172.27.118.77. It seems they are on different LANs.
From https://noscript.net/abe/ :

Code: Select all

# LOCAL is a placeholder which matches all the LAN 
# subnets (possibly configurable) and localhost

Re: How to add ABE exception for LOCAL?

Posted: Fri Feb 05, 2016 4:06 pm
by barbaz
I don't think NoScript knows your private IP.