Which is the best way to configure ABE?
Re: Which is the best way to configure ABE?
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Which is the best way to configure ABE?
DarkBlood wrote: Thank you therube, I understand better now but still ABE settings are too complicated to common users
In fact "common users" shouldn't touch them without guidance.
The built-in rules already give significant protection against attacks from internet to intranet.
Re: Which is the best way to configure ABE?
DarkBlood wrote: Thank you therube, I understand better now but still ABE settings are too complicated to common users
Giorgio Maone wrote: In fact "common users" shouldn't touch them without guidance. The built-in rules already give significant protection against attacks from internet to intranet.

Giorgio, are you also considering to enhance ABE in such a way that Noscript will become an alternative to CsFire? I understand that ABE already offers what CsFire does but it's simply not user-friendly enough to use it that way. Would be highly appreciated.
- Giorgio Maone
Re: Which is the best way to configure ABE?
CsFire's behavior can be implemented with this one simple rule (to be put in the USER ruleset):
Code:
# This rule allows authentication data to be sent with requests originated
# from the same base domain, stripping it off otherwise
Site *
Accept from SELF++
Anon
Re: Which is the best way to configure ABE?
Giorgio Maone wrote: CsFire's behavior can be implemented with this one simple rule (to be put in the USER ruleset):
Code:
# This rule allows authentication data to be sent with requests originated
# from the same base domain, stripping it off otherwise
Site *
Accept from SELF++
Anon

Ah - I had used the rule you had mentioned in http://forums.informaction.com/viewtopi ... 99&start=0& :
Code:
Site *
Accept from SELF
Anon
Re: Which is the best way to configure ABE?
Am I understanding this correctly, can I use this string to allow my own website?
My problem is ABE is blocking me from browsing to my own web pages since they are being served from the same IP.
- Giorgio Maone
Re: Which is the best way to configure ABE?
What message do you get, exactly?
Re: Which is the best way to configure ABE?
I have more information, problem happens when I do Google search for my site then click on search result, I get information bar at top of screen, actually I suppose this means ABE is working like it should? Perhaps I will just use bookmarks or is it safe to allow Google?
- Giorgio Maone
Re: Which is the best way to configure ABE?
Giorgio Maone wrote: CsFire's behavior can be implemented with this one simple rule (to be put in the USER ruleset):
Code:
# This rule allows authentication data to be sent with requests originated
# from the same base domain, stripping it off otherwise
Site *
Accept from SELF++
Anon

Nate wrote: Could you please summarize why this rule is not included by default?

Because it would probably break any web site which spans across different domains linking back and forth (many financial sites have this kind of setup), so if you're not prepared to opt-in and possibly put exceptions to this behavior, it would come as an unpleasant surprise.
Re: Which is the best way to configure ABE?
Giorgio Maone wrote: CsFire's behavior can be implemented with this one simple rule (to be put in the USER ruleset):
Code:
# This rule allows authentication data to be sent with requests originated
# from the same base domain, stripping it off otherwise
Site *
Accept from SELF++
Anon

Nate wrote: Could you please summarize why this rule is not included by default?

Giorgio Maone wrote: Because it would probably break any web site which spans across different domains linking back and forth (many financial sites have this kind of setup), so if you're not prepared to opt-in and possibly put exceptions to this behavior, it would come as an unpleasant surprise.

Could someone please give an example of "opt-in and possibly put exceptions to this behavior"? Yahoo Mail! would be a fine test case I believe; popular and at times has been prone to Cross-Site risks, and absent exceptions there are layout problems at a minimum.
- Giorgio Maone
Re: Which is the best way to configure ABE?
very old guy wrote: Could someone please give an example of "opt-in and possibly put exceptions to this behavior"? Yahoo Mail! would be a fine test case I believe; popular and at times has been prone to Cross-Site risks, and absent exceptions there are layout problems at a minimum.
Code:
Site .yahoo.com .anyothersiteyouwanttoprotect.com
Accept from SELF++
Anon
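
Added example, not part of the original thread and not NoScript's own code: a simplified model of the two rules quoted above (`Site *` and the opt-in `Site .yahoo.com` form), showing which requests keep their credentials and why the global rule affects sites that span several domains. Assumptions: the base domain is approximated by the last two host labels (a real implementation needs the public suffix list), `.yahoo.com` is taken to match the domain and its subdomains, and all hosts in the sample requests are constructed.

```javascript
// Added illustration: a simplified model of the two ABE rules quoted in this thread.
// Assumptions: base domain = last two host labels (no public suffix list);
// only the "Site", "Accept from SELF++" and "Anon" forms are modelled.

// Approximate the registrable ("base") domain of a URL.
function baseDomain(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// Site patterns: "*" matches everything; ".example.com" is taken to match
// example.com and any subdomain of it.
function siteMatches(pattern, destUrl) {
  if (pattern === "*") return true;
  const host = new URL(destUrl).hostname;
  const bare = pattern.replace(/^\./, "");
  return host === bare || host.endsWith("." + bare);
}

// Evaluate one rule of the form: Site <patterns> / Accept from SELF++ / Anon.
// Returns "Accept" (credentials sent), "Anon" (authentication data stripped),
// or "no-rule" when the destination is outside the rule's Site list.
function evaluate(sitePatterns, originUrl, destUrl) {
  if (!sitePatterns.some((p) => siteMatches(p, destUrl))) return "no-rule";
  return baseDomain(originUrl) === baseDomain(destUrl) ? "Accept" : "Anon";
}

// Constructed sample requests (hypothetical hosts): [origin, destination].
const requests = [
  // Same base domain: credentials are kept.
  ["https://mail.yahoo.com/inbox", "https://login.yahoo.com/session"],
  // Cross-site request into a protected site: anonymized.
  ["https://forum.example.net/post", "https://mail.yahoo.com/compose"],
  // One service spread over two base domains, the setup that a global
  // "Site *" rule breaks unless exceptions are added.
  ["https://bank.example.com/pay", "https://bank-auth.example.org/sso"],
];

// Apply the rule with the given Site list to every sample request.
function report(sitePatterns) {
  return requests.map(([origin, dest]) => evaluate(sitePatterns, origin, dest));
}

console.log("Site *          :", report(["*"]));
console.log("Site .yahoo.com :", report([".yahoo.com"]));
```
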
Re: Which is the best way to configure ABE?
According to this presentation and this paper (this thread is reference [8] there) CsFire allows "expected requests" / "trusted delegations" since version 1.0 which would get blocked with the above user rule.