I am using a local server that serves up a dummy image whenever the hosts file redirects a site to 127.0.0.1 so that when content is blocked, you can see the dummy image in the browser to let you know something was blocked.
The problem I am having is that with ABE enabled, ABE sees the request as a LOCAL request from an non-local site, and rejects the request by the default SYSTEM rule:
[ABE] <LOCAL> Deny on {GET http://blockedsite.com/ <<< http://www.requestingsite.com/whatever.html - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
This prevents the dummy image from being displayed on pages, and worse - if you clink on a link to blocked content, nothing happens at all (it should take you the blocked content image).
I know I can't write a USER rule to get around this, but would adding the following SYSTEM rule before the default LOCAL rule hurt anything, or open me up to anything?
Site 127.0.0.1
Accept GET
Deny
It fixes the problem by allowing the requests to 127.0.0.1 to display the blocked content dummy image, but I am concerned I might be missing something.
Thanks!
ABE with local server that replaces block site with image
ABE with local server that replaces block site with image
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
Re: ABE with local server that replaces block site with imag
It should be safe enough, and good work figuring out how and where to add the exception .
If you want to tighten it a bit further, you could replace 'GET' with 'INCLUSION', to ensure that this only applies to attempts to load resources, not eg redirections. No big deal if your local server is just serving a dummy image for all requests, though. You could even make it 'INCLUSION(IMAGE)', but then you wouldn't get a placeholder for scripts, CSS, frames, etc - up to you. If you're curious, then the ABE rules document, section 1.2, describes the allowed methods.
If you want to tighten it a bit further, you could replace 'GET' with 'INCLUSION', to ensure that this only applies to attempts to load resources, not eg redirections. No big deal if your local server is just serving a dummy image for all requests, though. You could even make it 'INCLUSION(IMAGE)', but then you wouldn't get a placeholder for scripts, CSS, frames, etc - up to you. If you're curious, then the ABE rules document, section 1.2, describes the allowed methods.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0
Re: ABE with local server that replaces block site with imag
Thanks for the reply.
I tried your suggestion and now have:
With this SYSTEM rule, any page with an image from a blocked site still gets the dummy image (instead of the blocked image). If I click on a link to a blocked site, or just type it in to the address bar, I get the standard ABE blocked message (yellow popup line at the top of the window), instead of being taken to a new page with just the dummy image.
Your method of using INCLUSION allows less possibility of exposure than using GET, and still solves the problem where clicking on a link to a blocked site didn't do anything. I am not sure why this rule blocking the link yields the standard ABE popup error message, where the default Site LOCAL rule doesn't - but I guess that doesn't really matter to me.
Thanks again for the feedback!
I tried your suggestion and now have:
Code: Select all
Site 127.0.0.1
Accept INCLUSION(IMAGE)
Deny
Your method of using INCLUSION allows less possibility of exposure than using GET, and still solves the problem where clicking on a link to a blocked site didn't do anything. I am not sure why this rule blocking the link yields the standard ABE popup error message, where the default Site LOCAL rule doesn't - but I guess that doesn't really matter to me.
Thanks again for the feedback!
Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0