Assistance with interpreting block notifications

Discussions about the Application Boundaries Enforcer (ABE) module
Just Another User

Assistance with interpreting block notifications

Post by Just Another User » Sat Nov 26, 2016 10:09 pm

Apologies if my searches failed to turn up another topic that covers this. Any insight or pointers to previous discussion would be appreciated.

Notifications seem to follow one of 2 formats (portion between the braces only): {"VERB URI1" <<< URI1,URI2 - ###} or {"VERB URI1" <<< URI1 - ###}.

I commonly see 4,2,6,7,11 in the ### location. Do these mean anything?

My conclusions to date are that {"VERB URI1" <<< URI1,URI2 - ###} translates to:
Site URI1.hostname
Accept VERB from URI2.hostname
Deny

AND {"VERB URI1" <<< URI1 - ###} translates to:
Site URI1.hostname
Accept VERB from SELF
Deny

But this doesn't always work and I haven't figured out why yet.

Can anyone provide insight?
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

barbaz
Senior Member
Posts: 9788
Joined: Sat Aug 03, 2013 5:45 pm

Re: Assistance with interpreting block notifications

Post by barbaz » Sat Nov 26, 2016 10:42 pm

Just Another User wrote:But this doesn't always work and I haven't figured out why yet.

Can anyone provide insight?

Yes, I can. That is like trying to recreate the entire Mona Lisa using only a picture of just her forehead. And you haven't yet figured out why the result doesn't look right? :)

The notification bar is just a notification. It doesn't say everything. You need the actual, full message from ABE from the Browser Console (Ctrl-Shift-J). https://noscript.net/abe/users.html

Please post that message(s) if you need further help.
*Always* check the changelogs BEFORE updating that important software!
-

Just Another User

Re: Assistance with interpreting block notifications

Post by Just Another User » Sat Nov 26, 2016 10:56 pm

Ok, now I can translate the number code and understand that it maps to the content type. Thank you.

So the exact error doesn't really matter, I'm looking to understand the structure so I can do this myself. Reviewing the link you posted for the format:
MATCHING_PATTERN: ACTION on {MATCHING_SITE << ORIGIN1[, ORIGIN2, ...], ORIGINAL_ORIGIN - REQUEST_TYPE}

I now understand my error. Thus my question changes to, "How do I write an ABE rule to accommodate a series of origins?"

Example error:
ABE < www.website.com> Deny on {GET https://www.website.com/ <<< https://www.website.com/, https://www.whereistartedfrom.com - 6} USER rule: Site www.website.com Accept GET from SELF www.whereistartedfrom.com Deny
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

barbaz
Senior Member
Posts: 9788
Joined: Sat Aug 03, 2013 5:45 pm

Re: Assistance with interpreting block notifications

Post by barbaz » Sat Nov 26, 2016 11:13 pm

You're welcome.

Just Another User wrote:Thus my question changes to, "How do I write an ABE rule to accommodate a series of origins?"

Put them all on the same line, separated by a single whitespace.

Also keep in mind that the SELF keywords can get quirky when redirections are involved, as would appear to be the case here.

I'd probably write your sample rule more like this -

Code: Select all

Site www.website.com
Accept from .website.com .whereistartedfrom.com
Deny

Yes, it's less restrictive than what you have. But unless you're dealing with sensitive sites, such as your local network or banking sites, the extra restriction is generally not needed.

Anyway, if you need/want to keep it restrictive, just replace SELF with your Site line, like so -

Code: Select all

Site www.website.com
Accept GET from www.website.com www.whereistartedfrom.com
Deny
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply