Abe rule blocking some Google search results, is this normal

Discussions about the Application Boundaries Enforcer (ABE) module
johnscript
Junior Member
Posts: 49
Joined: Wed Feb 20, 2013 1:49 pm

Abe rule blocking some Google search results, is this normal

Post by johnscript » Mon Jul 04, 2016 11:34 am

I was trying something with ABE and observed that this rule

Code: Select all

USER rule:
Site *.informaction.com
Accept from SELF
Deny


prevents google search results with the keyword "informaction" from being opened, meaning that if I click directly on the links in the search page, they will be blocked by ABE

Code: Select all

[ABE] <*.informaction.com> Deny on {GET https://forums.informaction.com/viewforum.php?f=7 <<< https://encrypted.google.com/search?output=search&sclient=psy-ab&q=noscript+forum+&btnG= - 6}


whilst I can still copy/paste such links in a new tab and open them.

Is this normal?

Why ABE thinks that clicks on a search result from google should be intercepted by the above rule?
Is that possibly because of some tracking header/cookie that google is adding to its search results?
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0

barbaz
Senior Member
Posts: 9343
Joined: Sat Aug 03, 2013 5:45 pm

Re: Abe rule blocking some Google search results, is this no

Post by barbaz » Mon Jul 04, 2016 3:07 pm

Yes it's normal and expected. ABE is a CSRF prevention tool and if it didn't work this way then CSRF would be as simple as redirection of the main document and/or offering you a link to click on.
Use Deny INC instead of just Deny - or, alternatively, add .encrypted.google.com (note the leading dot) to the end of the Accept line.

ABE Rules .pdf
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Abe rule blocking some Google search results, is this no

Post by Thrawn » Sun Jul 10, 2016 10:22 pm

You could also allow anonymous GET:

Code: Select all

Site *.informaction.com
Accept from SELF
Deny INC
Anon GET
Deny
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0

Post Reply