Is my ABE set up right? Am I missing some ABE lines?

Ask for help about NoScript, no registration needed to post
Post Reply
User avatar
glnz
Junior Member
Posts: 25
Joined: Sat Sep 04, 2010 12:43 pm

Is my ABE set up right? Am I missing some ABE lines?

Post by glnz »

New to NoScript and I'm just a good home PC user so almost everything NoScript does is way beyond my technical understanding.

Do I have my ABE set up correctly? When I go to Options - Advanced - ABE and click on Rulesets - SYSTEM, I see the following:

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
But on the "What's ABE?" page, it says all of the following (please scroll in the box below):

Code: Select all

ABE rules, whose syntax is defined in this specification (pdf), are quite simple and intuitive, especially if you are familiar with firewall policies:

# This one defines normal application behavior, allowing hyperlinking
# but not cross-site POST requests altering app status
# Additionally, pages can be embedded as subdocuments only by documents from
# the same domain (this prevents ClickJacking/UI redressing attacks)
Site *.somesite.com
Accept POST SUB from SELF https://secure.somesite.com
Accept GET
Deny

# This one guards logout, which is foolish enough to accept GET and
# therefore we need to guard against trivial CSRF (e.g. )
Site www.somesite.com/logout
Accept GET POST from SELF
Deny

# This one guards the local network, like LocalRodeo
# LOCAL is a placeholder which matches all the LAN 
# subnets (possibly configurable) and localhost
Site LOCAL
Accept from LOCAL
Deny

# This one strips off any authentication data
# (Auth and Cookie headers) from requests outside the
# application domains, like RequestRodeo
Site *.webapp.net
Accept ALL from *.webapp.net
Anonymize

# This one allows Facebook scripts and objects to be included only
# from Facebook pages
Site .facebook.com .fbcdn.net
Accept from .facebook.com .fbcdn.net
Deny INCLUSION(SCRIPT, OBJ, SUBDOC)
So, is my simple SYSTEM script in ABE missing all these lines? Should I just copy and paste them into SYSTEM in ABE?

Thanks.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729)
Top
Guest

Re: Is my ABE set up right? Am I missing some ABE lines?

Post by Guest »

These are examples if you want to write your own rules. You'd think "somesite.com" would be a giveaway.
Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Top
User avatar
glnz
Junior Member
Posts: 25
Joined: Sat Sep 04, 2010 12:43 pm

Re: Is my ABE set up right? Am I missing some ABE lines?

Post by glnz »

Now, Guest, don't be snide. I was wondering whether "somesite.com" was a code word for any site. Esp. as the few lines I do have are also in those samples on the "What's ABE?" page.

So those samples have to be customized for individual sites, by replacing "somesite.com" with, for example, "bankofamerica.com"? Is that really practical?

Or am I missing something?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 3.5.30729)
Top
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Is my ABE set up right? Am I missing some ABE lines?

Post by Alan Baxter »

glnz wrote:Do I have my ABE set up correctly? When I go to Options - Advanced - ABE and click on Rulesets - SYSTEM, I see the following:

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
That's the default. Your ABE is set up correctly.

Personally, I run with just the default ABE settings. See http://noscript.net/faq#qa8_10, ABE's other entries in the FAQ, and the examples you've already seen if you want to do more.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Top
Post Reply

Return to “NoScript Support”