In this case, start.me can be sent requests not only to online.citi.com/US/JRS/portal/index.do
If you think that it is fine, then let it be.
Thank you very much.
Be able to login to bank
Re: Be able to login to bank
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 SM/2.38 NS/2.9.0.12
Re: Be able to login to bank
Ah, now I see what you're saying. Sure, something like this could likely work -
It does reduce attack surface slightly, but not by that much. Especially since only the https version of start.me is allowed to link the bank site, and you're already trusting start.me not to abuse it.
Code:
Site https://online.citi.com/US/JRS/portal/index.do
Accept from https://start.me/* .citi.com
Deny
Site .online.citi.com
Accept from .citi.com
Deny
*Always* check the changelogs BEFORE updating that important software!
-
Re: Be able to login to bank
To allow linking, you could adjust it to:
Code:
Site https://online.citi.com/US/JRS/portal/index.do
Accept from .citi.com
Anon GET from https://start.me/*
Deny
Site .online.citi.com
Accept from .citi.com
Deny
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
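Added example (not part of the thread, and not NoScript's own code): a simplified Python model of how ABE picks an action, run over the two rulesets posted above to show what changes for a request coming from start.me. It assumes first-match-wins evaluation and only handles the Site / Accept / Anon / Deny forms used here; the start.me page URL is constructed.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

LOGIN = "https://online.citi.com/US/JRS/portal/index.do"
COMMON = "Site .online.citi.com\nAccept from .citi.com\nDeny"
# The two rulesets from the thread, copied as posted.
FIRST = f"Site {LOGIN}\nAccept from https://start.me/* .citi.com\nDeny\n{COMMON}"
SECOND = f"Site {LOGIN}\nAccept from .citi.com\nAnon GET from https://start.me/*\nDeny\n{COMMON}"

def matches(pattern, url):
    """'.domain' matches the domain and its subdomains; anything else is a URL glob."""
    if pattern.startswith("."):
        host = urlsplit(url).hostname or ""
        return host == pattern[1:] or host.endswith(pattern)
    return fnmatchcase(url, pattern)

def parse(text):
    """Turn 'Site ...' lines and 'Action [METHODS] [from ORIGINS]' lines into rulesets."""
    rulesets = []
    for line in text.strip().splitlines():
        words = line.split()
        if words[0] == "Site":
            rulesets.append((words[1:], []))
            continue
        rest = words[1:]
        cut = rest.index("from") if "from" in rest else len(rest)
        rulesets[-1][1].append((words[0], rest[:cut], rest[cut + 1:]))
    return rulesets

def decide(rulesets, method, origin, target):
    """Return the action of the first rule whose Site, method and origin all match."""
    for sites, rules in rulesets:
        if not any(matches(s, target) for s in sites):
            continue
        for action, methods, origins in rules:
            if methods and method not in methods:
                continue
            if origins and not any(matches(o, origin) for o in origins):
                continue
            return action
    return "Accept"  # no ruleset applies: the request goes through unchanged

if __name__ == "__main__":
    page = "https://start.me/p/example"  # constructed origin
    for name, text in (("first", FIRST), ("second", SECOND)):
        for method in ("GET", "POST"):
            print(name, method, decide(parse(text), method, page, LOGIN))
```

Under the first ruleset a POST from start.me to the login URL is accepted as-is; under the second only a GET matches, and it is handled as Anon (sent without cookies or authentication headers), while anything else from start.me falls through to Deny.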