blocking cloudfront

Ask for help about NoScript, no registration needed to post
bobblinkyo
Posts: 4
Joined: Sun Nov 03, 2013 9:57 pm

blocking cloudfront

Post by bobblinkyo » Mon Nov 25, 2013 8:00 pm

Since I am not familiar with regex, can someone show me how to configure noscript (currently 2.6.8.5 on my Linux box) to automatically disallow any URL ending in cloudfront.net (or cloudfront.*)?

Thanks in advance,
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0

User avatar
therube
Ambassador
Posts: 7584
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: blocking cloudfront

Post by therube » Mon Nov 25, 2013 8:12 pm

If NoScript is running, & at its defaults, JavaScript is blocked from all sites not specifically Allowed (there are some sites defaulted to Allow).

So unless you specifically allow cloudfront.*, JavaScript is blocked from those sites.

And if you have not done that, then there is nothing more for you to do.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:26.0) Gecko/20100101 SeaMonkey/2.23a2

barbaz
Senior Member
Posts: 9466
Joined: Sat Aug 03, 2013 5:45 pm

Re: blocking cloudfront

Post by barbaz » Mon Nov 25, 2013 8:14 pm

As someone who tried to do the same thing, I can tell you that this is a bad idea unless you really know what you're doing and you're prepared for many sites to not work. But if you really want to block cloudfront.net with NoScript, try this:
Add the following rule to your USER ABE ruleset, on top:

Code: Select all

Site .cloudfront.net
# this is where an Accept line would go should you decide to allow cloudfront on a per-site basis
Deny


for cloudfront.*, use this instead:

Code: Select all

Site ^[A-Za-z-]+://(?:[^:/]+\.)?cloudfront\.[^\.]+[^0-9A-Za-z_\.%-]
Deny
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0 SeaMonkey/2.22.1

bobblinkyo
Posts: 4
Joined: Sun Nov 03, 2013 9:57 pm

Re: blocking cloudfront

Post by bobblinkyo » Mon Nov 25, 2013 8:55 pm

therube wrote:If NoScript is running, & at its defaults, JavaScript is blocked from all sites not specifically Allowed (there are some sites defaulted to Allow).

So unless you specifically allow cloudfront.*, JavaScript is blocked from those sites.

And if you have not done that, then there is nothing more for you to do.


Thanks for the tip. Noscript is running and cloudfront is being blocked, but when I see the yellow bar at the bottom of the browser appear, then I always check to see which scripts are allowed to run. This to ensure that I have complete functionality of the website (but without the malware). Blocking cloudfont completely is just a convenience for me.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0

bobblinkyo
Posts: 4
Joined: Sun Nov 03, 2013 9:57 pm

Re: blocking cloudfront

Post by bobblinkyo » Mon Nov 25, 2013 8:58 pm

@barbaz

As someone who tried to do the same thing, I can tell you that this is a bad idea unless you really know what you're doing and you're prepared for many sites to not work.


Well, I don't want to make a lot of trouble for myself, but up to now, but allowing Noscript to block cloudfront, I have not noticed anything broken about the websites visted.

--What experiences have you made that suggests that this is a bad idea??

TIA
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0

barbaz
Senior Member
Posts: 9466
Joined: Sat Aug 03, 2013 5:45 pm

Re: blocking cloudfront

Post by barbaz » Mon Nov 25, 2013 9:22 pm

bobblinkyo wrote:--What experiences have you made that suggests that this is a bad idea??

Try listening to any radio stream on tunein.com - you'll find that it requires cloudfront.net allowed (both script & requests).
Also, on bitbucket (and many other sites) everything is totally messed up (mainly CSS) without allowing requests to cloudfront.net.

Best practice with cloudfront.net is to script-allow subdomains as needed, otherwise leave it alone. You could additionally block it as I suggested above but if you do that, expect to be adding exceptions for some sites.
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux i686; rv:25.0) Gecko/20100101 Firefox/25.0 SeaMonkey/2.22.1

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: blocking cloudfront

Post by Thrawn » Mon Nov 25, 2013 11:30 pm

As therube said, there shouldn't be any need to block cloudfront specifically. It's blocked by default, like everything else.

Even if you use Scripts Globally Allowed mode, you can still mark cloudfront.net as Untrusted.

What more do you need?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0

Post Reply