ABE prevents local links

Discussions about the Application Boundaries Enforcer (ABE) module
alexo
Junior Member
Posts: 23
Joined: Fri Nov 27, 2009 5:58 pm

ABE prevents local links

Post by alexo » Fri Apr 07, 2017 5:41 pm

When trying to click on links from a Tomcat page on a computer on the local network, I get the following:

Code: Select all

[ABE] < LOCAL> Deny on {GET http://ComputerName:8080/manager/status <<< http://ComputerName:8080/ - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
Where "ComputerName" is a machine on the LAN.

How do I fix it?
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0

barbaz
Senior Member
Posts: 9266
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE prevents local links

Post by barbaz » Fri Apr 07, 2017 6:01 pm

NoScript Options > Advanced > ABE, add at the very top of SYSTEM

Code: Select all

Site ComputerName:8080
Accept from ComputerName:8080
*Always* check the changelogs BEFORE updating that important software!
-

alexo
Junior Member
Posts: 23
Joined: Fri Nov 27, 2009 5:58 pm

Re: ABE prevents local links

Post by alexo » Fri Apr 07, 2017 9:07 pm

For each machine on our corporate network? I am pretty sure this is not how it's supposed to work.
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0

barbaz
Senior Member
Posts: 9266
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE prevents local links

Post by barbaz » Fri Apr 07, 2017 9:16 pm

If ComputerName resolves both to an IP that falls under LOCAL *and* to an IP that doesn't fall under LOCAL, ABE might be expected to block ComputerName from redirecting to itself.

Does the ABE rule change get it working?
*Always* check the changelogs BEFORE updating that important software!
-

alexo
Junior Member
Posts: 23
Joined: Fri Nov 27, 2009 5:58 pm

Re: ABE prevents local links

Post by alexo » Fri Apr 07, 2017 10:36 pm

Yes, the change makes it work.

Further investigation shows that that machine does not have an IPv4 address for some reason, only IPv6. Can that be the reason?
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0

barbaz
Senior Member
Posts: 9266
Joined: Sat Aug 03, 2013 5:45 pm

Re: ABE prevents local links

Post by barbaz » Fri Apr 07, 2017 10:43 pm

alexo wrote:Yes, the change makes it work.
Image

Do you have some sort of deployment software for all your corporate machines?
alexo wrote:Further investigation shows that that machine does not have an IPv4 address for some reason, only IPv6. Can that be the reason?
Likely yes, but I don't know the details of how ABE handles IPv6 addresses, sorry.
*Always* check the changelogs BEFORE updating that important software!
-

alexo
Junior Member
Posts: 23
Joined: Fri Nov 27, 2009 5:58 pm

Re: ABE prevents local links

Post by alexo » Sat Apr 08, 2017 6:30 am

barbaz wrote:Do you have some sort of deployment software for all your corporate machines?
IT handles it.
barbaz wrote:
alexo wrote:Further investigation shows that that machine does not have an IPv4 address for some reason, only IPv6. Can that be the reason?
Likely yes, but I don't know the details of how ABE handles IPv6 addresses, sorry.
I'd say it's a bug then.
Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0

Post Reply