ABE and local network DNS server setups

Discussions about the Application Boundaries Enforcer (ABE) module
Thorsten

Post by Thorsten » Sat Aug 01, 2015 1:46 pm

In my local network I set up a server which serves a blank HTML page for adblock purposes. DNS queries from the local network clients are changed appropriately to point to the local server.

It works very well, however when I use NoScript, I get ABE warnings.
I temporarily disabled the following lines by uncommenting them, in the ABE section of NoScript's Advanced Options tab:

# Prevent Internet sites from requesting LAN resources.
#Site LOCAL
#Accept from LOCAL
#Deny

I wonder if this is already the perfect solution or if I can change it further so I get the intended security ("Prevent Internet sites from requesting LAN resources") but still let scripts that have their changed DNS responses point to my server's blank HTML page not trigger the ABE warnings.

I hope my explanations are not too complicated. It's a pretty simple setup, but I'm not a native speaker.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

barbaz
Senior Member
Posts: 9139
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE and local network DNS server setups

Post by barbaz » Sat Aug 01, 2015 5:41 pm

Moving to ABE.

Thorsten wrote: when I use NoScript, I get ABE warnings.

Please reset the SYSTEM rule to default, reproduce the problem, and check the Browser Console (Ctrl-Shift-J) for the message from ABE and post that here.

Thorsten wrote: I wonder if this is already the perfect solution

No, it's definitely not; you're disabling that protection completely - it's there for a reason.

Thorsten wrote: or if I can change it further so I get the intended security ("Prevent Internet sites from requesting LAN resources") but still let scripts that have their changed DNS responses point to my server's blank HTML page not trigger the ABE warnings.

With the Browser Console message(s) we can help you come up with a safe exception.
*Always* check the changelogs BEFORE updating that important software!

Thorsten

Re: ABE and local network DNS server setups

Post by Thorsten » Sat Aug 01, 2015 6:31 pm

Code:

[ABE] <LOCAL> Deny on {GET http://rcm-eu.amazon-adsystem.com/e/cm?t=cb-noscript-21&o=3&p=48&l=ur1&category=computer&banner=160GN795Y7B8SC5D9202&f=ifr <<< http://www.computerbase.de/ - 7}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny


This is a message I get on a popular German website. The ad server's address, "rcm-eu.amazon-adsystem.com", is in my ad list and so it points to my local network server's LAN IP to get the blank HTML page. But with current ABE rules, not the blank page but the browser message "Page not found" appears inside the ad script's frame. The blank page's purpose is to prevent such messages.

Thorsten

Re: ABE and local network DNS server setups

Post by Thorsten » Sat Aug 01, 2015 6:43 pm

I must admit that even though I flushed the DNS caches of the local machines, I can't currently reproduce the problem.
Maybe it was not ABE related.

Then blocking should be even better than requesting a local blank page, and the only remaining "problem" would be to get rid of ABE's error window.

barbaz

Re: ABE and local network DNS server setups

Post by barbaz » Sat Aug 01, 2015 7:19 pm

:o :o
I'm sorry, I totally missed the point. Can you try something like this (no idea if it'll work):
add at the very top of the SYSTEM ruleset

Code:

Site [YOUR_LOCAL_SERVERS_IP]
Accept


Failing that, you could consider resolving those sites to 0.0.0.0 instead: https://hackademix.net/2009/07/01/abe-warnings-everywhere-omg/
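The difference between the three rule variants discussed in this thread, as an added example that is not part of any post and is not NoScript's own code: a simplified Python model of first-match rule evaluation, run against an Internet-origin request to the blank-page server and to another LAN device. Assumptions: the addresses are constructed, LOCAL is approximated as loopback plus RFC 1918 plus link-local, and the first matching Site and predicate decides.

```python
import ipaddress

# Assumption: LOCAL = loopback + RFC 1918 + link-local (NoScript's real list may differ).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed addresses: blank-page server, another LAN device, a public web origin.
SERVER, ROUTER, WEB = "192.168.1.50", "192.168.1.1", "203.0.113.10"

DEFAULT = "Site LOCAL\nAccept from LOCAL\nDeny\n"
DISABLED = "#Site LOCAL\n#Accept from LOCAL\n#Deny\n"   # rule commented out
EXCEPTION = f"Site {SERVER}\nAccept\n" + DEFAULT         # exception placed first

def matches(pattern, ip):
    """True if ip matches the LOCAL keyword or a literal IP pattern."""
    if pattern == "LOCAL":
        return any(ipaddress.ip_address(ip) in net for net in LOCAL_NETS)
    return pattern == ip

def parse_rules(text):
    """Return [(site_patterns, [(action, origin_or_None), ...]), ...]."""
    rules = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments
        if not words:
            continue
        if words[0] == "Site":
            rules.append((words[1:], []))
        elif rules:
            origin = words[2] if words[1:2] == ["from"] and len(words) > 2 else None
            rules[-1][1].append((words[0], origin))
    return rules

def decide(ruleset, dest_ip, origin_ip):
    """First matching Site + predicate wins; no match means the request passes."""
    for sites, predicates in parse_rules(ruleset):
        if any(matches(s, dest_ip) for s in sites):
            for action, origin in predicates:
                if origin is None or matches(origin, origin_ip):
                    return action
    return "Accept"

if __name__ == "__main__":
    for name, rs in (("default", DEFAULT), ("disabled", DISABLED), ("exception", EXCEPTION)):
        print(name, {d: decide(rs, d, WEB) for d in (SERVER, ROUTER)})
```

In this model the commented-out rule lets a web origin reach every LAN address, while the single-IP exception opens only the blank-page server and leaves the other device denied.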
