Page 1 of 1
ABE LOCAL rule and GetForecastFox extension
Posted: Mon Nov 19, 2012 2:21 pm
by poutnikl
I use great weather forecast FF extension Getforecastfox, based on AccuWeather data.
Configuration of extension is done by invoking page on
http://www.getforecastfox.com, JS required.
When I enabled SYSTEM LOCAL ABE rule, it stopped working, until I weakened LOCAL rule to allow access from
www.getforecastfox.com.
Currently I use the following code, but as I am newbie to ABE and HTTP internal things,
I would like if revised a/o adviced better settings.
Code: Select all
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny INC
Accept GET from www.getforecastfox.com
Deny
I used
Deny INC, as I was afraid
Accept GET may cover some activities denied by
Deny INC
P.S.: If applicable and adviced, is possible to specify which LOCAL resources can be accessed ?
Re: ABE LOCAL rule and GetForecastFox extension
Posted: Mon Nov 19, 2012 11:07 pm
by Thrawn
Good on you for tackling ABE configuration! It's a very powerful module, but can be challenging.
poutnikl wrote:
Code: Select all
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny INC
Accept GET from www.getforecastfox.com
Deny
That looks good. I would probably put Accept GET after the Accept from LOCAL, and then drop the Deny INC (just use Deny), but what you have should work fine and be more selective, so long as getforecastfox doesn't actually want to include any resources from LOCAL.
I used Deny INC, as I was afraid Accept GET may cover some activities denied by Deny INC
Yes, it allows inclusion of resources (scripts, etc), but only for requests initiated by www.getforecastfox.com, which you presumably trust. If you're sure that forecastfox doesn't need to do that, then you made the right choice
.
P.S.: If applicable and adviced, is possible to specify which LOCAL resources can be accessed ?
Yes, you certainly can specify your own rule for specific hostnames (or more likely IP addresses), and if you have lots of local addresses, that's a good idea. Make sure that it goes above the default rule, since you want it to take precedence. Eg:
Code: Select all
Site 127.0.0.1
Accept GET from www.getforecastfox.com
Deny
Site LOCAL
Accept from LOCAL
Deny
Re: ABE LOCAL rule and GetForecastFox extension
Posted: Wed Apr 02, 2014 2:17 pm
by warp-9.9
I've tried these suggested rules in ABE / SYSTEM area, as well as variations, and they do not work, none of them, at all. I must manually click "Allow" button every time I want to customize the Forecastfox extension, which actually does nothing when I click it. Banner remains, Allow button remains, configuration page not functional. Any suggestions?
Re: ABE LOCAL rule and GetForecastFox extension
Posted: Wed Apr 02, 2014 3:43 pm
by warp-9.9
Sorry for double post, I was not registered or logged in before. I have these ABE SYSTEM rules, which did not prevent the "Allow" button from appearing, and did not make the Allow button work. However, subsequently clicking the "x" to close the red banner did allow the Forecastfox customization page to work properly.
Code: Select all
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
# Allow Forecastfox customization page.
Accept GET from www.getforecastfox.com
Deny
Could this rule be modified to prevent the red warning banner with the Allow button? Is it something better suited for XSS? I want this extension to operate without so much hassle. Could you possibly see about adding a default rule for it, even if commented out at first. At least it'd be there and we could see quickly how to enable it.
Re: ABE LOCAL rule and GetForecastFox extension
Posted: Wed Apr 02, 2014 4:24 pm
by barbaz
???
"Red banner"? Doesn't sound like NoScript...
What does it actually say?
Also, any related messages in the Browser Console? (Ctrl-Shift-J)