Am I understanding these ABE rules correctly?

Discussions about the Application Boundaries Enforcer (ABE) module
vgoevuzu
Posts: 6
Joined: Fri Dec 21, 2012 1:31 am

Post by vgoevuzu »

After reading some documentation on how ABE works, my understanding is that I can use ABE to block cross-site requests. That is, I can prevent any connections whatsoever to third-party domains of my choosing (e.g., facebook.com). Using ABE like this to prevent this connection would not just block scripts emanating from the third-party site, it would block everything emanating from the third-party site (e.g., images, stylesheets, fonts, etc).

As an example, I could configure ABE to block facebook.com and then if I navigate to another website (e.g., www.cnet.com) that normally makes a request for data from facebook.com, this request will be blocked by ABE and facebook.com will never receive that request and will never know to send any data to my computer. Do I understand this correctly?

Is this rule doing what I describe above?

Code:

    Site facebook.com *.facebook.com
    Deny INCLUSION

Site facebook.com *.facebook.com = identifies the website "facebook.com" and all websites that have "facebook.com" as the top-level domain (e.g., some.facebook.com, some.some.facebook.com).

Deny INCLUSION = says to deny all connections to facebook.com and *.facebook.com unless facebook.com is the top-level domain (e.g., which would be the case if I have purposely typed facebook.com into Firefox's URL address bar). Am I understanding this accurately?
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: Am I understanding these ABE rules correctly?

Post by Thrawn »

Yes, you're correct, and well done :).

All that I would suggest is to use the 'leading dot' wildcard (which does what you want) instead of asterisk:

Code:

    Site .facebook.com
    Deny INC

Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
GµårÐïåñ
Lieutenant Colonel
Posts: 3369
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Am I understanding these ABE rules correctly?

Post by GµårÐïåñ »

I just would add the recommendation to include FB's other domains as well. Like fbcdn.net as well. There is also a special purpose subdomain on akamaihd as well that you might consider including. It doesn't ALWAYS ask the main FB domain. Otherwise, yeah it will do what you described.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.1.0.0 Safari/537.17
fxx

Re: Am I understanding these ABE rules correctly?

Post by fxx »

If I understood correctly, this rule would only work if you don't use facebook yourself and want it blocked, but then you wouldn't need ABE, ordinary blocking would suffice, right?

If you do use facebook, you might want to use the rules from the ABE manual itself:

Code:

    Site .facebook.com .fbcdn.net
    Accept from .facebook.com .fbcdn.net
    Deny INCLUSION(SCRIPT, OBJ, SUBDOC)

Or be more strict and block all possible inclusions:

Code:

    Site .facebook.com .fbcdn.net
    Accept from .facebook.com .fbcdn.net
    Deny INC

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
GµårÐïåñ
Lieutenant Colonel
Posts: 3369
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: Am I understanding these ABE rules correctly?

Post by GµårÐïåñ »

These rules allow you to use Facebook ON Facebook and nowhere else. Meaning just because you allow it on Facebook, it can't track you on other sites that embed FB stuff. So this rule applies to those who want to use Facebook on Facebook only and nowhere else.

If you are not using it at all, you can just block them as usual and you'd be fine. Although since NS only blocks scripting, you might need to block their embedded objects with Adblock Plus rules or Ghostery or Abine or such, but the SCRIPTING will be crippled by NS unless you allow it, correct. You can also ensure COMPLETE blockage of Facebook EVERYWHERE by allowing them in NS front end and then writing a rule for ABE that blocks them COMPLETELY everywhere, then you wouldn't need third party addons to accomplish it.

Hope that helps clear it up.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.2.0.0 Safari/537.17
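
A simplified model of how the rule sets quoted in this thread decide a request, added here as an example (it is not NoScript's code and not from any poster). The request shape { dest, origin, type }, the "DOC" marker for top-level loads and the sample hosts are assumptions; only Site, Accept/Deny, INC/INCLUSION and from are handled.

```javascript
// Simplified model of ABE evaluation (added example, not NoScript's own code).
// Handles Site lines plus Accept/Deny with optional INC/INCLUSION(types) and "from".
// ".example.com" = domain and all subdomains; "*.example.com" = subdomains only.
function hostMatches(pattern, host) {
  host = host || ""; // empty origin models a URL typed into the address bar
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  if (pattern.startsWith(".")) return host === pattern.slice(1) || host.endsWith(pattern);
  return host === pattern;
}

function parseRules(text) {
  const rules = [];
  for (const line of text.split("\n").map((l) => l.trim()).filter(Boolean)) {
    if (line.startsWith("Site ")) {
      rules.push({ sites: line.split(/\s+/).slice(1), predicates: [] });
      continue;
    }
    const m = /^(Accept|Deny)\s*(.*?)(?:\s*\bfrom\s+(.*))?$/.exec(line);
    const inc = m && /^(?:INC(?:LUSION)?(?:\(([^)]*)\))?)?$/.exec(m[2]);
    if (!inc || rules.length === 0) throw new Error("unsupported line: " + line);
    rules[rules.length - 1].predicates.push({
      action: m[1],
      inclusionOnly: m[2] !== "",
      types: inc[1] ? inc[1].split(/[\s,]+/).filter(Boolean) : null, // null = any type
      origins: m[3] ? m[3].split(/\s+/) : null, // null = any origin
    });
  }
  return rules;
}

// req.type "DOC" (assumed marker) = top-level page load; anything else is an inclusion.
function decide(rules, req) {
  for (const rule of rules) {
    if (!rule.sites.some((p) => hostMatches(p, req.dest))) continue;
    for (const p of rule.predicates) {
      if (p.inclusionOnly && req.type === "DOC") continue;
      if (p.types && !p.types.includes(req.type)) continue;
      if (p.origins && !p.origins.some((o) => hostMatches(o, req.origin))) continue;
      return p.action; // first matching predicate decides
    }
  }
  return "Accept"; // nothing matched: the request goes through
}

// Rule sets quoted in the thread; the requests in the checks are constructed.
const BLOCK_ALL = parseRules("Site facebook.com *.facebook.com\nDeny INCLUSION");
const MANUAL = parseRules("Site .facebook.com .fbcdn.net\n" +
  "Accept from .facebook.com .fbcdn.net\nDeny INCLUSION(SCRIPT, OBJ, SUBDOC)");
console.log(decide(MANUAL, { dest: "www.facebook.com", origin: "www.cnet.com", type: "IMAGE" }));
```

Under this model the two-line rule from the first post also denies Facebook's own scripts and images while browsing facebook.com, and the typed variant lets a third-party page still load Facebook images, which is what the `Accept from` line and the stricter `Deny INC` variant address.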