ABE order of rules regarding SYSTEM, USER, and site specific

Discussions about the Application Boundaries Enforcer (ABE) module

Post by diablodale »

Checked 0.5 syntax docs and queried forum here. Question is...

What is the order that NoScript uses to check against SYSTEM, USER and site-specific rulesets?

The 0.5 syntax docs say that within a ruleset it goes top to bottom. However, what is the order of evaluation when you have rulesets in SYSTEM, USER, and site-specific? For example, if you have a rule that would match in all three, which one is applied?
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)

Re: ABE order of rules regarding SYSTEM, USER, and site specific

Post by therube »

(Not an answer, but related, Can ABE allow sub-objects, too?)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.22) Gecko/20090605 SeaMonkey/1.1.17

Re: ABE order of rules regarding SYSTEM, USER, and site specific

Post by Giorgio Maone »

Order is the following:
  1. SYSTEM
  2. USER
  3. WEB SUBSCRIPTION (when implemented)
  4. site specific
Notice also that while a matching "Deny" rule stops all the processing (obviously), more permissive actions (e.g. "Accept") exit current ruleset but continue processing with lower priority rulesets.
So if you've got to add an "Accept" exception for a certain "Deny" rule, you need to put it higher in the same ruleset.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)

Re: ABE order of rules regarding SYSTEM, USER, and site specific

Post by diablodale »

Thank you. That's clear.

I have a scenario that affected me today that I'd like to offer. http://www.eye.fi produces an SDHC card which has a tiny WiFi transceiver in it. It allows people to use this SDHC card in a camera and it will upload the pictures in near real time to their computer. It's really fun. One part of this solution is that the Eye-Fi software on the computer hosts a server on localhost 127.0.0.1 on a specific port.

When a customer wants to use the admin interface, they go to http://manager.eye.fi which then has code that calls to 127.0.0.1. Using the default ABE SYSTEM ruleset causes this to fail. Given your instructions above, I added one line to the SYSTEM ruleset:

Code:

  Site LOCAL
  Accept from LOCAL
  Accept ALL from *.eye.fi
  Deny

The solution works. My only concern is that there could be frequent user-driven exceptions to the ruleset like this. It tends to make me think that such exceptions would be in the USER ruleset rather than altering the SYSTEM ruleset. For me and my simple mind, the SYSTEM ruleset is a global default wide-sweeping protection that would be overridden by user exceptions; segmenting those rules into the SYSTEM and USER rulesets respectively.

My intention is not to rethink your architecture. Rather, how is the given architecture described in a way that allows users to naturally understand how it works and to configure it? For example, in the future when a simple UI similar to NoScript's "allow" tray icon creates these exceptions... should it put them in the USER ruleset or the SYSTEM ruleset? Given the current default SYSTEM rule, it must alter that rule. Which seems odd to me.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11 (.NET CLR 3.5.30729)
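
The evaluation order and the Deny/Accept behaviour described in this thread, applied to the Eye-Fi case, as an added example that is not part of the original posts and is not NoScript's code. Rulesets are modelled as plain objects; `evaluate`, `siteLocal`, and the host-suffix test standing in for `*.eye.fi` are assumptions of this sketch.

```javascript
// Simplified model of ABE ruleset evaluation (added example, not NoScript code).
// Assumption: origin matching is reduced to a LOCAL test and a host-suffix test.
const isLocal = (host) => host === "localhost" || host === "127.0.0.1";
const fromLocal = (req) => isLocal(req.origin);
const fromSuffix = (suffix) => (req) => req.origin.endsWith(suffix);
const fromAny = () => true;
const accept = (from) => ({ action: "Accept", from });
const deny = (from) => ({ action: "Deny", from });

// Builds a ruleset holding one "Site LOCAL" rule; predicates run top to bottom.
const siteLocal = (name, predicates) => ({
  name,
  rules: [{ site: (req) => isLocal(req.dest), predicates }],
});

// `rulesets` must be passed in priority order: SYSTEM, USER, ..., site specific.
function evaluate(rulesets, req) {
  for (const { name, rules } of rulesets) {
    rulesLoop: for (const rule of rules) {
      if (!rule.site(req)) continue;
      for (const p of rule.predicates) {
        if (!p.from(req)) continue;
        if (p.action === "Deny") return { verdict: "Deny", by: name }; // ends all processing
        break rulesLoop; // Accept: leave this ruleset, go on to the next one
      }
    }
  }
  return { verdict: "Accept", by: null }; // no Deny matched in any ruleset
}

// Constructed request: the manager page calling the local Eye-Fi server.
const req = { origin: "manager.eye.fi", dest: "127.0.0.1" };

const defaultSystem = siteLocal("SYSTEM", [accept(fromLocal), deny(fromAny)]);
const patchedSystem = siteLocal("SYSTEM", [
  accept(fromLocal), accept(fromSuffix(".eye.fi")), deny(fromAny),
]);
const userAccept = siteLocal("USER", [accept(fromSuffix(".eye.fi"))]);
const userDeny = siteLocal("USER", [deny(fromSuffix(".eye.fi"))]);

// A USER exception is never reached: SYSTEM's Deny has already ended processing.
console.log(evaluate([defaultSystem, userAccept], req));
// The exception placed above Deny in the same ruleset takes effect.
console.log(evaluate([patchedSystem], req));
// An Accept in SYSTEM does not stop a Deny in the lower-priority USER ruleset.
console.log(evaluate([patchedSystem, userDeny], req));
```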