ABE test

Discussions about the Application Boundaries Enforcer (ABE) module
Paulie

ABE test

Post by Paulie »

Hi there,
I'm testing out ABE but can't seem to get it to work. I'm trying one of the examples form FAQ 8.10

Scenario: I want the optimizely.com script to run on microsoft.com, but on no other websites. I'm testing the rule by looking at xbox.com and outlook.com, which both would normally run optimizely.com

I've allowed optimizely.com in the Whiteliest, which then allows it to run across all three sites.

The rule I wrote in Advanced for USER is:

Code: Select all

# Testing optimizely.com
Site .optimizely.com 
Accept from .microsoft.com 
Deny
However, it appears that optimizely.com still runs across all three websites, instead of just microsoft.com

What am I missing?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE test

Post by barbaz »

Paulie wrote:it appears that optimizely.com still runs across all three websites, instead of just microsoft.com
How are you determining this?
*Always* check the changelogs BEFORE updating that important software!
-
Paulie

Re: ABE test

Post by Paulie »

When looking at Xbox.com or outlook.com, the option to "Forbid optimizely.com" from running is shown, instead of the default "temporarily allow optimizely.com" that would be shown if it weren't whitelisted.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE test

Post by barbaz »

NoScript script blocking is independent of ABE. ABE is independent of script blocking. They are two separate things that each have their own sets of permissions.

So it's showing that way only because the script is allowed in script blocking.
*Always* check the changelogs BEFORE updating that important software!
-
Paulie

Re: ABE test

Post by Paulie »

Thank, barbaz!

I ran another test to confirm what you noted about their independence. Office365.com script is needed to in order to sign in on outlook.com . I allowed it in the whitelist for NoScript but denied it via ABE.

Went to outlook.com and even though it said "forbid 365.com", the sign in page was not loading.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Bounder
Posts: 19
Joined: Thu Nov 23, 2017 7:11 am

Re: ABE test

Post by Bounder »

Is it really true to say that ABE is strictly independent of script blocking - or vise versa? Given all of what's just been posted in this thread so far, would it be more correct to say that blocking in one makes the other one redundant for a given address?

Now I ask this not to be "smart", but rather to clarify things (for myself at least).
Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE test

Post by barbaz »

Bounder wrote:Is it really true to say that ABE is strictly independent of script blocking - or vise versa?
Yes
Bounder wrote:Given all of what's just been posted in this thread so far, would it be more correct to say that blocking in one makes the other one redundant for a given address?
Not necessarily. Script blocking blocks only active content, and only by the domain it comes from. ABE can block any type of request, based also on what made the request, and can even do full paths if you want/need.
*Always* check the changelogs BEFORE updating that important software!
-
Bounder
Posts: 19
Joined: Thu Nov 23, 2017 7:11 am

Re: ABE test

Post by Bounder »

Hi Barbaz, many thanks for the clarification, indeed very much appreciated. :D
Mozilla/5.0 (X11; Linux x86_64; rv:56.0) Gecko/20100101 Firefox/56.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE test

Post by barbaz »

You're welcome. Image
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply