[UNRELATED] Strange ABE googleapis deny

[Shambler]

I have .googleapis.com locked down with ABE, but on this site, I am getting strange ABE denies:
http://research.stlouisfed.org/fred2/graph/

I have the following test ABE rule (the one I actually use is bigger, but using this one for debugging):

Code: Select all

Site .googleapis.com
Accept ALL from SELF
Accept ALL from SELF+
Accept ALL from SELF++
Accept ALL from .stlouidfed.org
Accept ALL from .googleapis.com
Accept ALL from LOCAL
Deny

This is the error I get in the web console:

Code: Select all

[ABE] <.googleapis.com> Deny on {GET http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js <<< http://research.stlouisfed.org/fred2/graph/# - 2}
USER rule:
Site .googleapis.com
Accept ALL from SELF
Accept ALL from SELF+
Accept ALL from SELF++
Accept ALL from .stlouidfed.org
Accept ALL from .googleapis.com
Accept ALL from LOCAL
Deny

I don't understand why that is getting denied? I've been through the ABE documentation and tried as many different rules as I can, and all that works is 'Accept ALL' on its own, or removing 'Deny'.

[Thrawn]

You've mistyped 'stlouisfed' as 'stlouidfed'

You also have redundant clauses in that rule, but they're not the problem, they're just a waste of space.

Try this:

Code: Select all

Site .googleapis.com
Accept from SELF++ .stlouisfed.org
Accept from LOCAL
Deny

By the way, do you really need to allow access from LOCAL? Unless you have a local server running on your network, it shouldn't be needed.

[Shambler]

Oops that typo is unfortunate, as the problem occurs even when typed properly:

Code: Select all

[ABE] <.googleapis.com> Deny on {GET https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.12/jquery-ui.min.js <<< http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.12/jquery-ui.min.js, http://research.stlouisfed.org/fred2/graph/ - 2}
USER rule:
Site .googleapis.com
Accept from SELF++ .stlouisfed.org
Accept from LOCAL
Deny

The SELF/LOCAL etc. parts are all redundant, yes; I put them in just to try out different things that may fix unseen issues.

[Thrawn]

I can't reproduce this. I've added the abovementioned ABE rule (shorter version) and whitelisted http://ajax.googleapis.com and http://research.stlouisfed.org, but I get no ABE error or message.

Can you post the exact steps that you're following?

[Shambler]

Ah interesting, this seems to be a problem with the HTTPS Everywhere plugin:
https://www.eff.org/https-everywhere

When I enable that with these ABE rules, the graph tool breaks, but when I have it disabled, it works fine.

The strange thing is, I've looked thoroughly at the HTTPS Everywhere ruleset, and I can't see anything which points to the graph tool website; that's really odd.

Any idea why this may be conflicting with HTTPS Everywhere?

[Shambler]

Ah, disabling Google API's in HTTPS Everywhere fixes this; I've let the HTTPS Everywhere guys know.