ABE prevents local links

Discussions about the Application Boundaries Enforcer (ABE) module
alexo
Junior Member
Posts: 23
Joined: Fri Nov 27, 2009 5:58 pm

ABE prevents local links

Post by alexo » Fri Apr 07, 2017 5:41 pm

When trying to click on links from a Tomcat page on a computer on the local network, I get the following:

Code: Select all

[ABE] < LOCAL> Deny on {GET http://ComputerName:8080/manager/status <<< http://ComputerName:8080/ - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
Where "ComputerName" is a machine on the LAN.

How do I fix it?

barbaz
Senior Member
Posts: 8789
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE prevents local links

Post by barbaz » Fri Apr 07, 2017 6:01 pm

NoScript Options > Advanced > ABE, add at the very top of SYSTEM

Code: Select all

Site ComputerName:8080
Accept from ComputerName:8080
*Always* check the changelogs BEFORE updating that important software!

alexo
Junior Member
Posts: 23
Joined: Fri Nov 27, 2009 5:58 pm

Re: ABE prevents local links

Post by alexo » Fri Apr 07, 2017 9:07 pm

For each machine on our corporate network? I am pretty sure this is not how it's supposed to work.

barbaz
Senior Member
Posts: 8789
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE prevents local links

Post by barbaz » Fri Apr 07, 2017 9:16 pm

If ComputerName resolves both to an IP that falls under LOCAL *and* to an IP that doesn't fall under LOCAL, ABE might be expected to block ComputerName from redirecting to itself.

Does the ABE rule change get it working?
*Always* check the changelogs BEFORE updating that important software!

alexo
Junior Member
Posts: 23
Joined: Fri Nov 27, 2009 5:58 pm

Re: ABE prevents local links

Post by alexo » Fri Apr 07, 2017 10:36 pm

Yes, the change makes it work.

Further investigation shows that that machine does not have an IPv4 address for some reason, only IPv6. Can that be the reason?

barbaz
Senior Member
Posts: 8789
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE prevents local links

Post by barbaz » Fri Apr 07, 2017 10:43 pm

alexo wrote:Yes, the change makes it work.
Image

Do you have some sort of deployment software for all your corporate machines?
alexo wrote:Further investigation shows that that machine does not have an IPv4 address for some reason, only IPv6. Can that be the reason?
Likely yes, but I don't know the details of how ABE handles IPv6 addresses, sorry.
*Always* check the changelogs BEFORE updating that important software!

alexo
Junior Member
Posts: 23
Joined: Fri Nov 27, 2009 5:58 pm

Re: ABE prevents local links

Post by alexo » Sat Apr 08, 2017 6:30 am

barbaz wrote:Do you have some sort of deployment software for all your corporate machines?
IT handles it.
barbaz wrote:
alexo wrote:Further investigation shows that that machine does not have an IPv4 address for some reason, only IPv6. Can that be the reason?
Likely yes, but I don't know the details of how ABE handles IPv6 addresses, sorry.
I'd say it's a bug then.

Post Reply