blocking cloudfront

[bobblinkyo]

Since I am not familiar with regex, can someone show me how to configure noscript (currently 2.6.8.5 on my Linux box) to automatically disallow any URL ending in cloudfront.net (or cloudfront.*)?

Thanks in advance,

[therube]

If NoScript is running, & at its defaults, JavaScript is blocked from all sites not specifically Allowed (there are some sites defaulted to Allow).

So unless you specifically allow cloudfront.*, JavaScript is blocked from those sites.

And if you have not done that, then there is nothing more for you to do.

[barbaz]

As someone who tried to do the same thing, I can tell you that this is a bad idea unless you really know what you're doing and you're prepared for many sites to not work. But if you really want to block cloudfront.net with NoScript, try this:
Add the following rule to your USER ABE ruleset, on top:

Code: Select all

Site .cloudfront.net
# this is where an Accept line would go should you decide to allow cloudfront on a per-site basis
Deny

for cloudfront.*, use this instead:

Code: Select all

Site ^[A-Za-z-]+://(?:[^:/]+\.)?cloudfront\.[^\.]+[^0-9A-Za-z_\.%-]
Deny

[bobblinkyo]

If NoScript is running, & at its defaults, JavaScript is blocked from all sites not specifically Allowed (there are some sites defaulted to Allow).

So unless you specifically allow cloudfront.*, JavaScript is blocked from those sites.

And if you have not done that, then there is nothing more for you to do.

Thanks for the tip. Noscript is running and cloudfront is being blocked, but when I see the yellow bar at the bottom of the browser appear, then I always check to see which scripts are allowed to run. This to ensure that I have complete functionality of the website (but without the malware). Blocking cloudfont completely is just a convenience for me.

[bobblinkyo]

@barbaz

As someone who tried to do the same thing, I can tell you that this is a bad idea unless you really know what you're doing and you're prepared for many sites to not work.

Well, I don't want to make a lot of trouble for myself, but up to now, but allowing Noscript to block cloudfront, I have not noticed anything broken about the websites visted.

--What experiences have you made that suggests that this is a bad idea??

TIA

[barbaz]

--What experiences have you made that suggests that this is a bad idea??

Try listening to any radio stream on tunein.com - you'll find that it requires cloudfront.net allowed (both script & requests).
Also, on bitbucket (and many other sites) everything is totally messed up (mainly CSS) without allowing requests to cloudfront.net.

Best practice with cloudfront.net is to script-allow subdomains as needed, otherwise leave it alone. You could additionally block it as I suggested above but if you do that, expect to be adding exceptions for some sites.

[Thrawn]

As therube said, there shouldn't be any need to block cloudfront specifically. It's blocked by default, like everything else.

Even if you use Scripts Globally Allowed mode, you can still mark cloudfront.net as Untrusted.

What more do you need?