Bizarre ABE local rule invoked when accessing non-local

[GµårÐïåñ]

I was just sitting here and my wife told me that an ABE notice pops up and tells her that the LOCAL rule was invoked denying access but the funny part is that she is on Facebook playing a game and this has NO local component. Here is the exact message, minus some of the critical items that can be abused, which have been removed, Giorgio, if you want the full unaltered link, PM me, but it shouldn't be necessary.

[ABE] <LOCAL> Deny on {POST http://apps.facebook.com/onthefarm/giftaccept.php?reqType=yes&clickSrc= <<< http://apps.facebook.com/onthefarm/giftaccept.php?senderId=xxx&gift=vehiclepart&timestamp=xxx&ref=gift_accept_tab&key=xxx&signature=xxx&srcapp=FarmVille, http://apps.facebook.com/onthefarm/giftaccept.php?senderId=xxx&gift=vehiclepart&timestamp=xxx&ref=gift_accept_tab&key=xxx&signature=xxx&srcapp=FarmVille - xxx}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

As you can see, there is no local component but ABE is somehow catching it via the LOCAL filtering making absolutely no sense. Any ideas?

[Giorgio Maone]

Such a thing can happen only if apps.facebook.com DNS-resolves (either temporarily or permanently) to a LAN IP.
No idea of how this can be happened, though, especially if the Facebook app was still actually working.
Where's your DNS server?
Have you got any proxy?

[GµårÐïåñ]

Such a thing can happen only if apps.facebook.com DNS-resolves (either temporarily or permanently) to a LAN IP.

Can't see how that would happen given that when the ABE error would not go away, I closed the tab, opened another and browsed to the page and it worked fine, didn't even need to close my browser so that means ABE is being triggered some other way. Now if I was like people who use the zynga toolbars, then I might see a local component but I don't use them because I can't stand them.

No idea of how this can be happened, though, especially if the Facebook app was still actually working.

Yeap, that's why I came to you, otherwise besides the error which rendered that particular tab annoying and stuck, when it was closed, it worked fine still in the same session in the browser. So if it was an actual DNS resolution issue, then my session should have continued to produce that issue on other tabs within the same session too.

Where's your DNS server?

Regular ISP DNS servers, on the router which is served to all the DHCP assigned IPs on the local network but on my machine there is a back up DNS listed which is the Comodo secure servers. That's it, nothing unusual or out of ordinary.

Have you got any proxy?

Nope, I don't have it, don't use it and for the most part, don't need it, unless I am testing which wasn't the case here.

Any other ideas?

[Giorgio Maone]

If this keeps happening, please open Tools|Error Console and evaluate the following script:

Code: Select all

var dns = top.opener.noscriptOverlay.ns.__parent__.DNS; var host = "apps.facebook.com"; dns.resolve(host, false, function(r) { alert( r.entries.toSource() + "\nLocal:" + dns.isLocalHost(host)) })

[GµårÐïåñ]

Did as you asked and it gave me this.

Error: top.opener is null
Source file: javascript:%20var%20dns%20=%20top.opener.noscriptOverlay.ns.__parent__.DNS;%20var%20host%20=%20"apps.facebook.com";%20dns.resolve(host,%20false,%20function(r)%20{%20alert(%20r.entries.toSource()%20+%20"\nLocal:"%20+%20dns.isLocalHost(host))%20})
Line: 1

[Giorgio Maone]

Did as you asked and it gave me this.

Error: top.opener is null
Source file: javascript:%20var%20dns%20=%20top.opener.noscriptOverlay.ns.__parent__.DNS;%20var%20host%20=%20"apps.facebook.com";%20dns.resolve(host,%20false,%20function(r)%20{%20alert(%20r.entries.toSource()%20+%20"\nLocal:"%20+%20dns.isLocalHost(host))%20})
Line: 1

How did you open the Error Console, exactly? top.opener should be the chrome window where you used Tools|Error Console, unless you closed it in the meanwhile...

[GµårÐïåñ]

How I always open it, using the button I have for it on my toolbar. However, whether I use the Tools|Error Console or Ctrl+Shift+J it all takes me to the same place. I use the error console quite a lot, so I'm quite familiar with it. Now the only difference is that I don't use the "built-in" error console per se, I have Console² but that shouldn't matter since it still hooks the built-in console. Thoughts?

[Giorgio Maone]

I use Console² as well, and really a lot, but top.opener is always a chrome window for me...

However, you can use the following which doesn't depend on windows:

Code: Select all

dns = Components.classes["@maone.net/noscript-service;1"].getService().wrappedJSObject.__parent__.DNS; host = "apps.facebook.com"; dns.resolve(host, false, function(r) { alert( r.entries.toSource() + "\nLocal:" + dns.isLocalHost(host)) })

[therube]

FWIW.
Neither working on the Trunk.

Code: Select all

Error: Components.classes['@maone.net/noscript-service;1'].getService().wrappedJSObject.__parent__ is undefined
Source file: javascript:%20%20%20%20%20dns%20=%20Components.classes["@maone.net/noscript-service;1"].getService().wrappedJSObject.__parent__.DNS;%20host%20=%20"apps.facebook.com";%20dns.resolve(host,%20false,%20function(r)%20{%20alert(%20r.entries.toSource()%20+%20"\nLocal:"%20+%20dns.isLocalHost(host))%20})
Line: 1

Code: Select all

Error: top.opener.noscriptOverlay.ns.__parent__ is undefined
Source file: javascript:%20var%20dns%20=%20top.opener.noscriptOverlay.ns.__parent__.DNS;%20var%20host%20=%20"apps.facebook.com";%20dns.resolve(host,%20false,%20function(r)%20{%20alert(%20r.entries.toSource()%20+%20"\nLocal:"%20+%20dns.isLocalHost(host))%20})
Line: 1

On the branch (& I was open to an Amazon.com webpage - I guess that doesn't matter):

On the first attempt to Evaluate:

Code: Select all

null

Error: dns is not defined
Source file: javascript:%20dns%20=%20Components.classes["@maone.net/noscript-service;1"].getService().wrappedJSObject.__parent__.DNS;%20host%20=%20"apps.facebook.com";%20dns.resolve(host,%20false,%20function(r)%20{%20alert(%20r.entries.toSource()%20+%20"\nLocal:"%20+%20dns.isLocalHost(host))%20})
Line: 1

Second & subsequent attempts to Evaluate then returns:

Code: Select all

["69.63.189.26"]
Local:false

(This happens with both versions. First a 'null', then the expected Facebook response.)

[Giorgio Maone]

That's really weird.
Does the ABE problem happen also on a clean profile with just NoScript installed (and default NoScript options)?

[therube]

New Profile
Install noscript-2.0.2.4rc1.xpi
Restart

Open Error Console

Evalute

---

null

---

Error: dns is not defined
Source File: javascript:%20dns%20=%20Components.classes["@maone.net/noscript-service;1"].getService().wrappedJSObject.__parent__.DNS;%20host%20=%20"apps.facebook.com";%20dns.resolve(host,%20false,%20function(r)%20{%20alert(%20r.entries.toSource()%20+%20"\nLocal:"%20+%20dns.isLocalHost(host))%20})
Line: 1

--

Evaluate

---

["69.63.189.16"]
Local:false

---

[object Object]

---

Subsequent Evaluates ... popup dialog 69.63... & the object Object in Error Console log.

[therube]

Second method returns similar results.

First try the nul and

Code: Select all

Error: dns is not defined
Source File: javascript:%20dns%20=%20Components.classes["@maone.net/noscript-service;1"].getService().wrappedJSObject.__parent__.DNS;%20host%20=%20"apps.facebook.com";%20dns.resolve(host,%20false,%20function(r)%20{%20alert(%20r.entries.toSource()%20+%20"\nLocal:"%20+%20dns.isLocalHost(host))%20})
Line: 1

Subsequent Evaluates return the expected results (other then the object Object logging in Error Console).

(Though IP has now changed; 66.220.146.32, but still Facebook.)

[therube]

(Have you ever done something so ass backwards ... well I just did .)

[linuser]

If this keeps happening, please open Tools|Error Console and evaluate the following script:

Code: Select all

var dns = top.opener.noscriptOverlay.ns.__parent__.DNS; var host = "apps.facebook.com"; dns.resolve(host, false, function(r) { alert( r.entries.toSource() + "\nLocal:" + dns.isLocalHost(host)) })

I should say I didn't have any ABE error as described in the object of the thread , but anyway I tried to evaluate the expression in the error console and it gave me an error message with Mindfield :

Code: Select all

Error: top.opener.noscriptOverlay.ns.__parent__ is undefined
Source File: javascript:%20var%20dns%20=%20top.opener.noscriptOverlay.ns.__parent__.DNS;%20var%20host%20=%20"apps.facebook.com";%20dns.resolve(host,%20false,%20function(r)%20{%20alert(%20r.entries.toSource()%20+%20"\nLocal:"%20+%20dns.isLocalHost(host))%20})
Line: 1

And this one while trying to evaluate the second expression :

Code: Select all

Error: Components.classes['@maone.net/noscript-service;1'].getService().wrappedJSObject.__parent__ is undefined
Source File: javascript:%20dns%20=%20Components.classes["@maone.net/noscript-service;1"].getService().wrappedJSObject.__parent__.DNS;%20host%20=%20"apps.facebook.com";%20dns.resolve(host,%20false,%20function(r)%20{%20alert(%20r.entries.toSource()%20+%20"\nLocal:"%20+%20dns.isLocalHost(host))%20})
Line: 1

And they both give me the same results while trying to evaluate them without resolving the domain

[therube]

See above ^^^. Neither expression are working on the Trunk.