[RESOLVED] LOCAL & hostname

[meh_]

Problem:
I run an application on a computer in my lan network that offers me a REST interface to query status information, ... .
That computer runs windows 7, and is identified by hostname myhostname, and has two network interfaces(one lan, and one wifi)

I share my firefox profile over several computers in my home network, including the stationary mentioned above, and some notebooks.
Therefore, I access the REST interface using the hostname to get a url that works from all places (opposed to using localhost which only works on the desktop, or lan address that doesn't work over wifi):
http://myhostname:12345/service/status

When I type the url in the addressbar, everything works fine. But when I attempt to click a hyperlink (http://myhostname:12345/help returns a website listing all available operations), the ABE warning comes up:

Request { GET http://myhostname:12345/service/status <<< http://myhostname:12345/help, http://myhostname:12345/help - 6} filtered by ABE: <LOCAL> Deny

Okay, the warning offered me to tweak the options, so I clicked that. Unfortunately, instead of a simple e.g. Temporarily allow myhostname I am presented with the rule-list dialog. While the ? gives some information on how it's supposed to work (wtf is the syntax only in a pdf?), there is no information about the dialog. E.g. what are System rulesets, what User, how is their precedence, what is the precedence of rules, what is the WAN IP \elem LOCAL thing ...

So, in the dialog the comment for the main rule claims, it only allows lan sites to access lan ressources.
Now that is obviously wrong.

Based on what I've read the past 3 hours here in the forums, a dns is only then marked as local, if all ip addresses it points to are part of the private ip range.
Now myhostname has the following ip addresses:

Wireless LAN adapter Wireless Network Connection:
Link-local IPv6 Address . . . . . : fe80::xxx
IPv4 Address. . . . . . . . . . . : 10.x.x.x

Ethernet adapter Local Area Connection:
Link-local IPv6 Address . . . . . : fe80::xxx
IPv4 Address. . . . . . . . . . . : 192.x.x.x

Tunnel adapter Local Area Connection* 11:
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
IPv6 Address. . . . . . . . . . . : 2001:0:xxx
Link-local IPv6 Address . . . . . : fe80::xxx

The lan / wifi addresses are all private/link-local, but the Teredo tunneling thing has a public IPv6 (cf. http://en.wikipedia.org/wiki/Teredo_tun ... addressing).
Now, I did not install Teredo myself, it came shipped with windows (already since vista I believe).
So basically, I can't access any modern windows computer by its hostname in my lan?

Anyways, I just thought I'd probably have to include myhostname to the system rule that blocks everything:

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL myhostname
Deny

Needless to say, that doesn't work. I changed the order of LOCAL and myhostname, I added an extra rule for myhostname, I put it in the user set. Nothing worked.

[Giorgio Maone]

Please try inserting this rule in the beginning of the SYSTEM ruleset (before the built-in LOCAL rule):

Code: Select all

Site LOCAL
Accept from myhostname

[meh_]

Not working.

My system ruleset (user ruleset is empty) is as follows:

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from myhostname

Site LOCAL
Accept from LOCAL
Deny

[Giorgio Maone]

Oops, wait. Did you say you need myhostname (always requested by name) to be accessible from myhostname itself? Or from all origins?
If the former (always in the beginning since first match wins inside a ruleset):

Code: Select all

Site myhostname
Accept from myhostname

If the latter, just

Code: Select all

Site myhostname
Accept

[meh_]

Did you say you need myhostname (always requested by name) to be accessible from myhostname itself? Or from all origins?

Right now, the former, but in the long run, the latter.
I don't have my laptops here with me now, so I can't test it on them.

Anyways, neither of your suggestions work.
It always claims to be blocked by the LOCAL rule.

I don't have to restart firefox, or do anything else to reload the rules, right?

[Giorgio Maone]

I don't have to restart firefox, or do anything else to reload the rules, right?

If you're editing them from the NoScript Options|Advanced|ABE textbox directly, no. Otherwise (if you're using an external editor) you need to put back the focus on the Options dialog or restart the browser.

Anyway

Code: Select all

Site myhostname
Accept

should just work, provided that it precedes the built-in LOCAL rule in the SYSTEM ruleset.
How does the host name actually look like?

[meh_]

I have this as system ruleset (edited as always directly in the options dialog):

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site myhostname
Accept

Site LOCAL
Accept from LOCAL
Deny

and it doesn't work.

I still get this error:

[ABE] <LOCAL> Deny on {GET http://myhostname:12345/service/status <<< http://myhostname:12345/help, http://myhostname:12345/help - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

in the addressbar, i entered http://myhostname:12345/help, and on that page I click a link with href="/service/status".

How does the host name actually look like?

Nothing special, just 4 alphanumeric characters.

[Giorgio Maone]

I'm quite puzzled, however I suspect the hostname. Please try to use

Code: Select all

Site http://myhostname:12345/*
Accept

[meh_]

That finally worked.