[Resolved] filtered by ABE: <LOCAL> Deny

Discussions about the Application Boundaries Enforcer (ABE) module
wxman1
Junior Member
Posts: 44
Joined: Tue Dec 08, 2015 8:11 pm

Re: filtered by ABE: <LOCAL> Deny

Post by wxman1 » Wed Aug 10, 2016 6:57 pm

I tried remarking out the HOSTS entry for c.bing.com and voila! The MS Support page rendered w/ out ABE block. I put it back in and the "error" returned. No variation of rule-set would resolve that. TRACERT c.bing.com returned 0.0.0.0 invalid IP address. However, I noticed that its the LOCAL rule that's hitting, not the 0.0.0.0 rule-set.

I pull the c.bing.com URI out of the LOCAL ruleset - back to default - and cut out the www.drudgereport.com from the Deny INC action of the 0.0.0.0 ruleset and discover that Drudge STILL didn't generate an error. I removed the entire 0.0.0.0 ruleset and Drudge once again displayed ABE block. I added it back in again and the ABE block went away on Drudge. I checked the MS Support page and it didn't display ABE block either.

I checked the browser console for the MS Support page:

Code: Select all

Loading mixed (insecure) display content "http://c.bing.com/c.gif?&CtsSyncId=D0712B25DFD04E3589289940C1CCA73D&RedC=c1.microsoft.com&MXFR=2ACB603D9A6A67E8261769509E6A61A5" on a secure page

[ABE] <0.0.0.0> Deny INCLUSION on {GET http://c.bing.com/c.gif?&CtsSyncId=D0712B25DFD04E3589289940C1CCA73D&RedC=c1.microsoft.com&MXFR=2ACB603D9A6A67E8261769509E6A61A5 <<< http://c1.microsoft.com/c.gif?, https://support.microsoft.com/en-us/kb/919746 - 3}
SYSTEM rule:
Site 0.0.0.0
Accept from SELF+
Deny INCLUSION

c.microsoft.com : server does not support RFC 5746, see CVE-2009-3555

Loading mixed (insecure) display content "http://c.bing.com/c.gif?&CtsSyncId=55BBA3CAA23344089423F1CBA2360A7D&RedC=c1.microsoft.com&MXFR=2ACB603D9A6A67E8261769509E6A61A5" on a secure page

[ABE] <0.0.0.0> Deny INCLUSION on {GET http://c.bing.com/c.gif?&CtsSyncId=55BBA3CAA23344089423F1CBA2360A7D&RedC=c1.microsoft.com&MXFR=2ACB603D9A6A67E8261769509E6A61A5 <<< http://c1.microsoft.com/c.gif?, https://support.microsoft.com/en-us/kb/919746 - 3}
SYSTEM rule:
Site 0.0.0.0
Accept from SELF+
Deny INCLUSION

[ABE] <0.0.0.0> Deny INCLUSION on {GET https://c.bing.com/c.gif?DI=4050&did=1&t=&CtsSyncId=A8BB2238121543618489E29AEA68C761&RedC=c1.microsoft.com&MXFR=2ACB603D9A6A67E8261769509E6A61A5 <<< https://c1.microsoft.com/c.gif?DI=4050&did=1&t=, https://support.microsoft.com/en-us/kb/919746 - 7}
SYSTEM rule:
Site 0.0.0.0
Accept from SELF+
Deny INCLUSION

[ABE] <0.0.0.0> Deny INCLUSION on {GET https://c.bing.com/c.gif?DI=4050&did=1&t=&CtsSyncId=10B5C640D24641989FE66CAD6B86A561&RedC=c1.microsoft.com&MXFR=2ACB603D9A6A67E8261769509E6A61A5 <<< https://c1.microsoft.com/c.gif?DI=4050&did=1&t=, https://support.microsoft.com/en-us/kb/919746 - 3}
SYSTEM rule:
Site 0.0.0.0
Accept from SELF+
Deny INCLUSION

Dunno, that would seem to suggest an issue with NoScript parsing the rules, or there was a non-ASCI or wierd unprintable UTF char in the rulesets.

Bottom line it looks like its working now.
Last edited by wxman1 on Wed Aug 10, 2016 7:31 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 5.2; rv:48.0) Gecko/20100101 Firefox/48.0

barbaz
Senior Member
Posts: 9788
Joined: Sat Aug 03, 2013 5:45 pm

Re: filtered by ABE: <LOCAL> Deny

Post by barbaz » Wed Aug 10, 2016 7:29 pm

That Deny INC is just suppressing the notification, not changing what ABE blocks.

(Sorry, I missed a minor detail earlier. You should remove that Accept line for 0.0.0.0 as 0.0.0.0 should never be able to request anything in a web browser.)

Anyway, glad you got it working for you, marking this Resolved.
*Always* check the changelogs BEFORE updating that important software!
-

wxman1
Junior Member
Posts: 44
Joined: Tue Dec 08, 2015 8:11 pm

Re: [Resolved] filtered by ABE: <LOCAL> Deny

Post by wxman1 » Wed Aug 10, 2016 7:44 pm

Copy that and roger that; it works.

Here's a thing: I had an issue a while back with Flash being blocked - but never knew it - because there was script blockage; I never seen the Flash blockage notification. Once I implemented a 10 second time out for script blockage, I could enable Flash based on the subsequent Flash blockage notification. Otherwise the site I was on was crippled - not nonfunctional - but major crippled even so I wasn't using Flash for the slideshow I think it was that wanted that. .

What came to my attention with this most recent issue: the ABE blockage message never times out. On the plus side, if but for that "feature" I'd never have drilled into this matter. As it is I learned a bunches.

8-)
Mozilla/5.0 (Windows NT 5.2; rv:48.0) Gecko/20100101 Firefox/48.0

wxman1
Junior Member
Posts: 44
Joined: Tue Dec 08, 2015 8:11 pm

Re: [Resolved] filtered by ABE: <LOCAL> Deny

Post by wxman1 » Thu Aug 11, 2016 12:35 am

Major breakthrough! I encountered another website that has similar problem, except having a -6 deal in the blockage. I discovered that the 1st level domain is redirecting to 2nd level sub-doc where both have the same domain name plus that domain is in the HOSTS file.

I discovered that I need to TRACERT the domain after remarking the domain name in HOSTS, and then the web-page displays - and even links are functional - despite the site URL and script associated URI's being forbidden.

So, yeah, NoScript + ABE will be a solid backstop to fundamental parasite protection offered by HOSTS.

:D
Mozilla/5.0 (Windows NT 5.2; rv:48.0) Gecko/20100101 Firefox/48.0

Post Reply