Whitelisting whole site with all referenced domains?

[Anakunda]

HI.
I have slight problem with one site letitbit.net. Whenewer I submit request for download link, I get the green wheel spinning for infinite. Then I click to NS icon and there's usually one not whitelisted domain with IP form like 123.123.123.55, whitelisting it and resubmitting the request shows a valid link already.
But next time I come for another download, the problem repeats with the difference blocked domain is another IP address. So I have to again permanently allow it and resubmit, this is quite annoying. So I'd need to say NoScript that it should allow all domains with IP format referred from letitbit.net, or simply allow all domains from letitbit.net, or allow me to whitelist a IP range. I found no one of this choices in NS settings. Any advices?

[Tom T.]

I have slight problem with one site letitbit.net. Whenewer I submit request for download link, I get the green wheel spinning for infinite. Then I click to NS icon and there's usually one not whitelisted domain with IP form like 123.123.123.55,

I hate when they do that, instead of the usual alphabetical domain name. I have no idea what that number is.

Fortunately, each of the two sites I use that do that always point to the same (respective) numerical IPs. So yes, if you know what the IPs will be, you can whitelist them, as I did. Just open NS Options > Whitelist, and type in what shows, such as http://12.345.67.89 and the others.

But next time I come for another download, the problem repeats with the difference blocked domain is another IP address.

Yuk.

So I have to again permanently allow it and resubmit, this is quite annoying. So I'd need to say NoScript that it should allow all domains with IP format referred from letitbit.net, or simply allow all domains from letitbit.net, or allow me to whitelist a IP range. I found no one of this choices in NS settings. Any advices?

I just double-checked trying to whitelist an IP range for one of those sites I mentioned above, example: http://12.345.67.* instead of the actual. NoScript was fine with it, but the site wasn't. It still put a request in NS menu to allow the specific IP.

So, we use ABE. Please gather as much info as you can about which sites or IP ranges letitbit refers to, then please read Site-Specific-Permission Questions? PLEASE READ THIS FIRST! and the FAQ linked from there.

This should enable you to write a custom rule to do what you need. If you are unable, please post back with as much information as possible, and we'll help you write it.

Please note that you can copy the list of scripts in the open NS Menu by right-clicking an empty area of the open menu. Or r-click on a single script name, to copy that one only. Saves typing.


(before anyone nit-picks: yes, I deliberately used an invalid IP address for the example...)

[Anakunda]

Now I have collected 3 dynamically generated sites required to proceed to download link:

78.140.170.220
78.140.184.132
78.108.178.66

Then I need auto allow all IP ranges to 78.*.*.* from letitbit.net
I have watched WhoIS which says the whole IP range 78.0.0.0 - 78.255.255.255 is reserved to certain ISP (not my ISP).
I'm trying to whitelist 78.*.*.* in NS preferences, but it won't allow me to add the subnet mask as soon as I write the asterisk, what should I do?

[Tom T.]

Now I have collected 3 dynamically generated sites required to proceed to download link:

78.140.170.220
78.140.184.132
78.108.178.66

Then I need auto allow all IP ranges to 78.*.*.* from letitbit.net.

No, only those involved. Adding later will be easy.

I'm trying to whitelist 78.*.*.* in NS preferences, but it won't allow me to add the subnet mask as soon as I write the asterisk, what should I do?

As mentioned, read Site-Specific-Permission Questions? PLEASE READ THIS FIRST!, but I'll give you the quickie:

1) Less safe: enter each full address in NS Whitelist. Add others as they show up. Done.

2) Safer: Do that, but also:

Open NoScript Options > Advanced > ABE.
Ensure that "Enable ABE" is checked.
In the left pane, click USER
In the right pane, underneath "# User-defined rules. Feel free to experiment here." copy/paste the following:

Code: Select all

# letitbit rule (that's just a comment for your own use. You can use anything; the # tells ABE it's comments, not code.) 
Site 78.140.170.220 78.140.184.132 78.108.178.66
Accept from .letitbit.net
Deny

Click the Refresh button, so that the syntax-checker will check for errors. If nothing turns red and no error messages, click OK.

Check the site, and see if it works.

The purpose of this is to allow those sites *only* at letitbit, and not anywhere else on the planet. Much safer than the first way, yes?
(Clearly, you trust letitbit, of course - I'm not familiar with them.)

To add more IP addresses, be sure to leave exactly one blank space between addresses, as above. Don't worry about length -- a scroll bar will appear as needed.

If you want to try wild-carding at any level, e. g. 78.140.*.*, or even 78.*.*.*
then yes, ABE will accept it. Refresh > OK. Check the site.

But that's an awful lot of IPs to allow, especially with the entire 78.* domain -- the site might call numerically-based ad agencies, data-miners, etc.
So it's your choice, but so long as the IPs don't become too many, I'd go with individuals.
It's a shame that they don't confine the range to the last octet (you'd think they would), or even to the last two.

Wow, they're scattering them around. Gibraltar, Netherlands, Czech Republic .... I get a little spooked at island-based sites and IPs, unless you live on the island of Gibraltar....

The other possible fine-tuning is if you can identify a subdomain of letitbit.net that makes the call. In NS Options > Appearance, in addition to Base 2nd Level domains (letitbit.net), you could check also Full Domains and/or Full Addresses.
So if the menu shows which subdomain(s) you need to whitelist, then they can also be used in the ABE rule.

For example, I use Yahoo Mail, but don't use their other services much, at least to the extent that I don't need their scripting.
So I remove from default whitelist

yahoo.com and
yimg.com,

and replace with
mail.yahoo.com
mail.yimg.com

... and mail works well, while cutting down on the total number of scripts running. Just a thought, if it works at that site.

Let us know how this works for you.

One last idea: Consider using RequestPolicy, which will show the source and destination of all cross-site requests, at whatever level of precision you set. This may help to fine-tune the ABE rule.

[Tom T.]

I searched the forum and found a tip for whitelisting octets in NoScript:
Leave out the wildcard(s) and the dots before them.

78.140

NoScript Whitelist accepts this. Give it a try, although I'm still nervous about allowing such a large range.

[Anakunda]

Thanks, I'll try both methods and will report if it works.

[Anakunda]

I have used the ABE script:

Code: Select all

# letitbit rule
Site 78.108 78.140
Accept from .letitbit.net
Deny

which doesnot seem to work. I still get new unexplored IPs. Seems that those only are from ranges 78.108.*.* and 78.140.*.*
Putting 78.108 and 78.140 right into whitelist doesnot seem to work either
What only works is to temporarily allow scripts globally, after getting the link disable back, which is a bit uncomfortable.
What did I wrong?

[Tom T.]

I have used the ABE script:

Code: Select all

# letitbit rule
Site 78.108 78.140
Accept from .letitbit.net
Deny

which doesnot seem to work. I still get new unexplored IPs. Seems that those only are from ranges 78.108.*.* and 78.140.*.*
Putting 78.108 and 78.140 right into whitelist doesnot seem to work either
What only works is to temporarily allow scripts globally, after getting the link disable back, which is a bit uncomfortable.
What did I wrong?

Did you try making the whitelist entries *without* any ABE rule? You need to do that anyway, including when you use ABE. Try whitelisting without an ABE rule.
Does the site work now?

I was using Giorgio's tip that was linked above, but if that whitelist doesn't work, please try:

Code: Select all

http://78.140
http://78.108 

or just

Code: Select all

http://78

That is in NoScript Options > Whitelist. When done, click OK.
If you then do *nothing* with ABE, the sites should work.

The reason for using ABE is so those permissions are granted *only* to letitbit, and nowhere else. BUT: ABE cannot loosen NoScript's permissions; it can only tighten them. So you *must* whitelist the desired IP addresses, or ranges, first, before using ABE.

The syntax (code method) in ABE is slightly different. in ABE, if you do not list all of the full IPs as I did in my previous rule, you must use the dot as a wildcard for what would follow it:

Code: Select all

Site 78.108. 78.140. 
Accept from .letitbit.net
Deny

Please try that.

If that doesn't work, we'll get fancy:

Code: Select all

Site ^https?://78\.108|140
Accept from .letitbit.net
Deny

This is a "regular expression" that should match any IP address, whether preceded by HTTP or HTTPS, which has 78 as the first octet, and either 108 or 140 as the second octet.

Please let us know if any of these work for you, thanks.

[Anakunda]

Thanks. I whitelist all forms of

78
78.140
78.108
http://78
http://78.140
http://78.108

NS still asks for permission to certain IP address ->



ABE script won't resolve it either regardless if used alone or together with whitelist entries, however shows this additional message:



The ABE script is this:

Code: Select all

# letitbit rule
Site 78 78.108 78.140 http://78 http://78.108 http://78.140
Accept from .letitbit.net
Deny

From AdBlock panel of blockable elements I found the entry blocked by NoScript which from the full URL gives clear that it's required to get download link:

http://78.108.178.247/d/08f966dec4a6553283a7fe7418a0/intel_wifi_15.1.0.18_win7_64bit.rar?e=1334135428&s=51200&p=CgwaTV4%2FCxEiGkd2GRQnHQ%3D%3D&uuid=01602.08f966dec4a6553283a7fe7418a0&pin=724103let&ext=&ip=214.39.14.16&st=nbBylD70DgXodu_W6dPgXg&check=1&callback=jQuery17105342915659305231_1334049024726&_=1334049092804

It looks that each download gets script to generate download link from it's unique IP address. Can you confirm the same problem with NoScript? The testdownload link is: http://letitbit.net/download/01602.08f966dec4a6553283a7fe7418a0/intel_wifi_15.1.0.18_win7_64bit.rar.html

[Tom T.]

I got a little nervous when it asked to redirect to another site, and RequestPolicy add-on shows requests to several different.ru sites.
It also asks to run script from a11.ru, and NoScript blocks script from

Code: Select all

http://3pop.info/c/let404.php

apparently a 404 Not Found error message.

However, once I temporarily allowed letitbit.net at your Test link, clicking Download takes me to

Code: Select all

http://www.wxdownloadmanager.com/let/

Clicking that indeed offers to download "FastDownload.exe".

Apparently, every single download from this site generates, or leads to, a different site where the download is actually hosted. The 78. domain belongs to Russian Federation, but the wxdownloadmanager.com is in Germany.

So I think that you might have to allow scripting at each different site for each download.

This is becoming quite confusing. As an experiment, please try adding the URL in your screenshot, 78.108.178.247, to your NoScript whitelist, *remove any ABE rules", then restart the browser, and see if you can do that exact same download again -- the one that points to this numerical IP -- without having to give additional NoScript permissions. If other items show in the menu, please post them.

NOTE that you can copy the open NoScript menu by right-clicking on any empty area of it, then paste it here. This saves typing.

We need to get at least one success, so that we know what works, then we'll go from there.

My session here is almost over, but if no one else steps in to help you, I should be back within 24 hours or less.
Thank you for your patience.

[Anakunda]

However, once I temporarily allowed letitbit.net at your Test link, clicking Download takes me to

Code: Select all

http://www.wxdownloadmanager.com/let/

Clicking that indeed offers to download "FastDownload.exe".

Try this with 'Download on slow speed'

As an experiment, please try adding the URL in your screenshot, 78.108.178.247, to your NoScript whitelist, *remove any ABE rules", then restart the browser, and see if you can do that exact same download again -- the one that points to this numerical IP -- without having to give additional NoScript permissions. If other items show in the menu, please post them.

Tested this, whitelisting the single IP expectedly works and proceeds to download link. In this case I got no additional sites to ask for permissions.
But giving an incomplete IP seems not to work. It's a pitty that site gives for each download another IP which is furthermore known not sooner than after typing captcha, so that there's twice waiting time & twice writing captcha.

[Tom T.]

However, once I temporarily allowed letitbit.net at your Test link, clicking Download takes me to

Code: Select all

http://www.wxdownloadmanager.com/let/

Clicking that indeed offers to download "FastDownload.exe".

Try this with 'Download on slow speed'

I'm sorry, I didn't see a setting for "Download on slow speed". Where would I find that?
I'm referring to the wxdownloadmanager web site. Did you mean this one, or the home page at letitbit.net?

As an experiment, please try adding the URL in your screenshot, 78.108.178.247, to your NoScript whitelist, *remove any ABE rules", then restart the browser, and see if you can do that exact same download again -- the one that points to this numerical IP -- without having to give additional NoScript permissions. If other items show in the menu, please post them.

Tested this, whitelisting the single IP expectedly works and proceeds to download link. In this case I got no additional sites to ask for permissions.
But giving an incomplete IP seems not to work.

To confirm: You've removed all ABE rules for this site, and we are now testing only the NoScript whitelist, correct?

I conducted the following test at a site I use, which uses numerical IP. Let's call the IP 12.34.56.78, which has always been in my whitelist.
I delete this IP from whitelist.

Replacing it with 12.34.56, I go back to the site. It works.
(Remember to click Allow on the new entry, and OK on the NoScript GUI, before closing the GUI.)

I leave, delete the above whitelist entry, and replace it with:
12.34
I go back to the site, and it works.

I leave, delete the above whitelist entry, and replace it with
12
I go back to the site, and it does *not* work.

So we conclude that NoScript will allow wildcards for the third or fourth octet, but not for the second.
In other words, 78 won't work, but
78.140 and 78.108 should work for all sites with those first two octets.

Please try this.

Also, can you point me to some specific downloads that use those two sets of first two octets, so I can try for myself?

It's a pitty that site gives for each download another IP which is furthermore known not sooner than after typing captcha, so that there's twice waiting time & twice writing captcha.

When did you have to enter the captcha? I didn't have that at your test link. Again, please provide exact URLs and steps for me to reproduce your experience.

Thank you for your patience.

[Anakunda]

To confirm: You've removed all ABE rules for this site, and we are now testing only the NoScript whitelist, correct?

Yes

So we conclude that NoScript will allow wildcards for the third or fourth octet, but not for the second.
In other words, 78 won't work, but
78.140 and 78.108 should work for all sites with those first two octets.

I tried this but unfortunately can't confirm that. I made sure that the specific IP (78.108.178.247) is still bound to this download. But for me it only works if I have blacklisted the IP in full form, ie. no wildcarding. It doesnot work even for 4th octet (78.108.178) -> spinning wheel and Noscript asking for permission to 78.108.178.247. No ABE rules used.

Also, can you point me to some specific downloads that use those two sets of first two octets, so I can try for myself?

It's a pitty that site gives for each download another IP which is furthermore known not sooner than after typing captcha, so that there's twice waiting time & twice writing captcha.

When did you have to enter the captcha? I didn't have that at your test link. Again, please provide exact URLs and steps for me to reproduce your experience.

Try the test link again: http://letitbit.net/download/01602.08f966dec4a6553283a7fe7418a0/intel_wifi_15.1.0.18_win7_64bit.rar.html
Don't forget to allow letitbit.net first. Then use the Download on slow speed link (as on the screenshot), then you should get a countdown, after it's end a captcha shows. After filling in the captcha, if everything is allowed there should be a clickable download link, if not, there shows a wheel spinning forever.

[Tom T.]

So we conclude that NoScript will allow wildcards for the third or fourth octet, but not for the second.
In other words, 78 won't work, but
78.140 and 78.108 should work for all sites with those first two octets.

I tried this but unfortunately can't confirm that. I made sure that the specific IP (78.108.178.247) is still bound to this download. But for me it only works if I have blacklisted the IP in full form

Blacklisted? Do you mean, whitelisted? If this wasn't a typo (or translation error, but your English is excellent), please do *not* blacklist any of these. (Meaning, don't mark them as untrusted.)

When did you have to enter the captcha? I didn't have that at your test link. Again, please provide exact URLs and steps for me to reproduce your experience.

Try the test link again:http://letitbit.net/download/01602.08f9 ... t.rar.html
Don't forget to allow letitbit.net first. Then use the Download on slow speed link (as on the screenshot), then you should get a countdown, after it's end a captcha shows. After filling in the captcha, if everything is allowed there should be a clickable download link, if not, there shows a wheel spinning forever.
<snip, so to not duplicate picture>

Aha! I think I know why I can't duplicate your test. That download is specific to Windows 7 64-bit, or at least, to 64-bit Windows. The site undoubtedly detects my 32-bit Windows XP, and *that* is why it keeps trying to redirect me to a "404 - Page Not Found" error page.

So, could you please find a download that uses the 78. domain, but is compatible with Windows XP 32-bit?
I'm sorry that I don't have access to all versions, but we are unpaid volunteers here, so I can't afford to buy every new operating system that comes out.

Why do they use captcha? I see the "premium membership", but must I be any kind of member to use the site?
Or is it like our forum, where registered users can login immediately, but guest users must do the captcha?
I didn't get a captcha at the wxdownloadmanager site earlier in our discussion. It downloaded right away.

Thank you again for your patience. We *will* get this solved, but I need to experience exactly what you experience.

[Anakunda]

I mean whitelisting ofcourse , it was mistype, sorry. And about the sample link, it's no matter what it is, the site doesnot make any platform specific decisions, it's just hosting files that someone uploads there. Here's another test link: http://letitbit.net/download/97843.950caacb19297ed080e3d79d57cf/Elantech_Touchpad_10.6.9.9.rar.html