Weirdness with/without domain name

Discussions about the Application Boundaries Enforcer (ABE) module
bizaff
Posts: 5
Joined: Tue Jul 29, 2014 4:53 pm

Weirdness with/without domain name

Post by bizaff »

I have two hosts, issues.example.com and docs.example.com. Normally I connect to these sites as shown to the left with https. When I'm connected through VPN, I can refer to them as just issues and docs. I sometimes get links to these in gmail, and they can show up as https://issues/ or https://issues.example.com

In the ABE system rulesets, I have:

Site LOCAL ^https://.*\example\.com
Accept from LOCAL
Accept from ^https://.*\example\.com
Accept from https://talkgadget.google.com
Accept from https://mail.google.com
Accept from https://www.google.com
Deny

The last three represent the various sites ABE reports as blocked. Often, I'll have two sites comma separated after the <<< , one representing the google redirect.

When I click on a link I received through gmail to https://issues.example.com/blahblahblah, I get the following ABE warning:

Request { GET https://issues.example.com/blahblahblah <<< https://issues.example.com/partofthepreviousURL, https://mail.google.com/_/scs/sometrackinglink} filtered by ABE: <LOCAL ^https://.*\.example\.com> Deny

If I change the last three lines from Accept to Anonymize, I have to login each time, but the links go through. I don't understand why.

Is my approach right? Is there something I'm not understanding about handling both inside/outside the VPN? Does LOCAL sometimes match these and sometimes not if I'm inside the VPN? Should I enumerate these sites individually before a LOCAL rule? Sometimes I get email linking to an internal only site that's not available outside the VPN.

I'm assuming I'm a bit lax by combining LOCAL with the example.com rule.

I'm on version 2.6.9.32.
barbaz
Senior Member
Posts: 10847
Joined: Sat Aug 03, 2013 5:45 pm

Re: Weirdness with/without domain name

Post by barbaz »

Yeah, you've made a bit of a mess of the ABE rules, I'd suggest you go to about:config and reset the noscript.ABE.ruleset.* prefs :P

Try this one, put it *above* the default SYSTEM rule:

Site issues.example.com docs.example.com https://issues/* https://docs/*
Accept from issues.example.com docs.example.com https://issues/* https://docs/* https://talkgadget.google.com/* https://mail.google.com/* https://www.google.com/*
Deny
(hey, that Accept should be all one line, the forum is breaking it up instead of giving horizontal scrollbars. oh well)
*Always* check the changelogs BEFORE updating that important software!
-
bizaff
Posts: 5
Joined: Tue Jul 29, 2014 4:53 pm

Post by bizaff »

That makes it go for those sites, but now I run into other links breaking. From https://docs.example.com there's a link to http://mysvnserver, which I can only see from the VPN. Any link from docs.example.com is now blocked because of the LOCAL rule. If I access https://docs from within the VPN, it works fine.

If I

Site issues.example.com docs.example.com https://issues/* https://docs/* http://mysvnserver
Accept from issues.example.com docs.example.com https://issues/* https://docs/* http://mysvnserver https://talkgadget.google.com/* https://mail.google.com/* https://www.google.com/*
Deny
, that works.

I'm assuming this is most secure but this seems like a rabbit hole for each and every local site I have that people might email a link to. I have faith in my ability to not click on stupid things, and I'm willing to forego a bit of security to make this not suck, along the lines of my previous LOCAL "mess" :)

Any other ideas?

Is there any way to tell ABE to treat a site as if it's LOCAL? The sites in .example.com are fully under our control, just allowed to be forward facing.
barbaz
Senior Member
Posts: 10847
Joined: Sat Aug 03, 2013 5:45 pm

Re:

Post by barbaz »

bizaff wrote:I'm assuming this is most secure but this seems like a rabbit hole for each and every local site I have that people might email a link to. I have faith in my ability to not click on stupid things,
So what's the problem? Seems fine to me...
bizaff wrote:Any other ideas?
I don't have any, sorry.
Maybe someone else will?
bizaff wrote:Is there any way to tell ABE to treat a site as if it's LOCAL?
Theoretically, there's noscript.ABE.localExtras; but in practice (at least last time I checked) that is completely broken.
*Always* check the changelogs BEFORE updating that important software!
-
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: Weirdness with/without domain name

Post by Thrawn »

I think that LOCAL needs to be included in the Accept line of the extra rule:

Site issues.example.com docs.example.com https://issues/* https://docs/* http://mysvnserver
Accept from LOCAL issues.example.com docs.example.com https://issues/* https://docs/* http://mysvnserver https://talkgadget.google.com/* https://mail.google.com/* https://www.google.com/*
Deny
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
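To see why the rulesets in this thread behave differently, here is a small toy evaluator for ABE-style rules. It is an added example, not NoScript's own code, and its matching behaviour is an assumption made for the model (LOCAL means a loopback/private address or a dotless hostname, a bare domain covers its subdomains, a URL without `*` matches only exactly, a `^` pattern is a regex, every origin in the redirect chain is checked and the first matching Site block and action decide); check it against the ABE documentation before relying on it. The request and redirect chain are constructed from the warning quoted at the top of the thread, and the ruleset texts are the ones posted by bizaff, barbaz and Thrawn, each followed by the default LOCAL rule.

```python
"""Toy model of ABE-style rule evaluation (added example, not NoScript's code).

Assumptions of this model, to be verified against the ABE docs:
  - LOCAL: loopback/private IP address or a dotless hostname (VPN-only names);
  - bare domain: itself and its subdomains; URL with '*': glob; URL without
    '*': exact match only; pattern starting with '^': regex on the full URL;
  - first Site block matching the destination decides, every origin in the
    redirect chain is checked, first matching action per origin applies, and
    any non-Accept verdict wins.
"""
import fnmatch
import re
from ipaddress import ip_address
from urllib.parse import urlsplit


def is_local(url):
    host = urlsplit(url).hostname or ""
    try:
        addr = ip_address(host)
        return addr.is_private or addr.is_loopback
    except ValueError:
        return "." not in host          # assumption: dotless names count as LOCAL


def matches(pattern, url):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":
        return is_local(url)
    if pattern.startswith("^"):
        return re.match(pattern, url) is not None
    if "://" in pattern:
        return fnmatch.fnmatchcase(url, pattern) if "*" in pattern else url == pattern
    host = urlsplit(url).hostname or ""
    return host == pattern or host.endswith("." + pattern)


def parse(text):
    """Turn 'Site ...' / 'Accept from ...' / 'Deny' lines into (sites, actions) blocks."""
    blocks = []
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "Site":
            blocks.append((words[1:], []))
        elif words[1:2] == ["from"]:
            blocks[-1][1].append((words[0], words[2:]))
        else:
            blocks[-1][1].append((words[0], ["ALL"]))   # bare Deny/Accept: any origin
    return blocks


def evaluate(blocks, dest, origins):
    for sites, actions in blocks:
        if not any(matches(s, dest) for s in sites):
            continue
        for origin in origins:
            for verb, sources in actions:
                if any(matches(s, origin) for s in sources):
                    if verb != "Accept":
                        return verb
                    break
        return "Accept"
    return "Accept"   # no block matched this destination


# The default LOCAL rule the thread refers to; every ruleset in this model ends with it.
DEFAULT_LOCAL = """
Site LOCAL
Accept from LOCAL
Deny
"""

ORIGINAL = r"""
Site LOCAL ^https://.*\.example\.com
Accept from LOCAL
Accept from ^https://.*\.example\.com
Accept from https://talkgadget.google.com
Accept from https://mail.google.com
Accept from https://www.google.com
Deny
"""

SUGGESTED = """
Site issues.example.com docs.example.com https://issues/* https://docs/*
Accept from issues.example.com docs.example.com https://issues/* https://docs/* https://talkgadget.google.com/* https://mail.google.com/* https://www.google.com/*
Deny
"""

WITH_LOCAL = """
Site issues.example.com docs.example.com https://issues/* https://docs/* http://mysvnserver
Accept from LOCAL issues.example.com docs.example.com https://issues/* https://docs/* http://mysvnserver https://talkgadget.google.com/* https://mail.google.com/* https://www.google.com/*
Deny
"""

GMAIL_CHAIN = [  # constructed from the warning quoted in the thread
    "https://issues.example.com/partofthepreviousURL",
    "https://mail.google.com/_/scs/sometrackinglink",
]


def verdict(ruleset, dest, origins):
    return evaluate(parse(ruleset + DEFAULT_LOCAL), dest, origins)


if __name__ == "__main__":
    print(verdict(ORIGINAL, "https://issues.example.com/blahblahblah", GMAIL_CHAIN))    # Deny
    print(verdict(SUGGESTED, "https://issues.example.com/blahblahblah", GMAIL_CHAIN))   # Accept
    print(verdict(SUGGESTED, "http://mysvnserver", ["https://docs.example.com/index"]))   # Deny
    print(verdict(WITH_LOCAL, "http://mysvnserver", ["https://docs.example.com/index"]))  # Accept
```

Under these assumptions the original ruleset denies the Gmail link because the second origin in the chain, the deep `https://mail.google.com/_/scs/...` URL, is not matched by the bare `https://mail.google.com` entry and falls through to `Deny`, while barbaz's `/*` globs accept it. The later `http://mysvnserver` case falls out of the user rule entirely and is caught by the default LOCAL rule, which is why listing the host in the `Site` line helps; adding `LOCAL` to the `Accept from` line, as Thrawn suggests, additionally lets an unlisted VPN-only origin reach the listed sites.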