SELF designates "the same sites as the destination", and it makes sense only in a from clause.
For instance,
Code:
Site https://mail.myorganization.com https://private.myorganization.com
Accept from SELF
Deny
means that my mail server and my "private" server will accept requests from themselves only (i.e. will not allow other sites to link to them for CSRF).
Code:
Site *.somesite.com
Accept POST SUB from SELF https://secure.somesite.com
Deny
means that every subdomain of somesite.com (*.somesite.com) accepts POST and framed requests from itself and from https://secure.somesite.com, i.e.
http://www.somesite.com >>> http://www.somesite.com is OK,
https://secure.somesite.com >>> http://www.somesite.com is OK, but
http://mail.somesite.com >>> http://www.somesite.com will fail, just like
http://evil.com >>> http://www.somesite.com.
Can I write the following and it mean 'allows all behavior from *.eye.fi to my local computer'?
Your local computer and LAN are conveniently represented by the LOCAL placeholder.
However, if you've got no web application running there, it doesn't make much sense:
means that web applications running inside your LAN (including your own computer) will accept all kinds of HTTP requests originating from *.eye.fi web pages.
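A simplified model of how the *.somesite.com rule above is evaluated, as an added example (it is not part of the original post and is not NoScript's ABE code). It assumes the first matching predicate decides and that SELF means the same scheme, host and port as the destination; parseRules, siteMatches and decide are hypothetical names.

```javascript
// Simplified model of ABE evaluation. Assumptions: first matching predicate
// decides; no method list means any request; SELF means same scheme, host
// and port as the destination; "Pass" means no rule covered the request.
const RULESET = `Site *.somesite.com
Accept POST SUB from SELF https://secure.somesite.com
Deny`;

function parseRules(text) {
  const rules = [];
  for (const line of text.split("\n").map(l => l.trim()).filter(Boolean)) {
    const [head, ...rest] = line.split(/\s+/);
    if (head === "Site") { rules.push({ sites: rest, predicates: [] }); continue; }
    const i = rest.indexOf("from");
    rules[rules.length - 1].predicates.push({ action: head,
      methods: i < 0 ? rest : rest.slice(0, i), origins: i < 0 ? [] : rest.slice(i + 1) });
  }
  return rules;
}

// A pattern is a full origin (scheme://host) or a host glob (*.example.com).
function siteMatches(pattern, url) {
  const u = new URL(url);
  if (pattern.includes("://")) return new URL(pattern).origin === u.origin;
  if (pattern.startsWith("*.")) return u.hostname.endsWith(pattern.slice(1));
  return u.hostname === pattern;
}

// req: { method, sub (true for a framed request), origin, dest }
function decide(rules, req) {
  for (const rule of rules) {
    if (!rule.sites.some(s => siteMatches(s, req.dest))) continue;
    for (const p of rule.predicates) {
      const methodOk = p.methods.length === 0 ||
        p.methods.includes(req.method) || (req.sub && p.methods.includes("SUB"));
      const originOk = p.origins.length === 0 || p.origins.some(o =>
        o === "SELF" ? new URL(req.origin).origin === new URL(req.dest).origin
                     : siteMatches(o, req.origin));
      if (methodOk && originOk) return p.action;
    }
  }
  return "Pass";
}

// The four origin >>> destination cases from the post, as POST requests.
const rules = parseRules(RULESET), dest = "http://www.somesite.com";
for (const origin of [dest, "https://secure.somesite.com", "http://mail.somesite.com", "http://evil.com"])
  console.log(origin, ">>>", dest, decide(rules, { method: "POST", sub: false, origin, dest }));
```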