[RESOLVED] NoScript Trying To Connect to PIX Box Port 80

[TomPIX]

When starting Firefox 20.0.1 with NoScript 2.6.6.1, apparently NoScript attempts to connect to port 80 (www) on the inside interface of our Cisco PIX firewall. We see a flood of TCP packets to the PIX box and the PIX denies each request. NoScript seems to try around 9 times and then gives up. This happens each time Firefox is started and then repeats every 4 hours after it is was started. We determined that it was NoScript by turning off all add-ons until the PIX box started getting flooded. On the other hand, we have several other PCs with the same configuration where we do not see this behavior. Any ideas why NoScript is doing this? Below is the error from the PIX log. The xxx info is the IP address of the outside interface of the PIX. Clearly this attempt to connect by NoScript doesn't make any sense since NoScript is trying to connect to port 80 on the inside interface using an outside interface IP address. Any help suggestions would be appreciated. Thanks. Tom.

3|May 23 2013|01:47:11|710003|192.168.1.9|57361|xxx.xxx.xxx.xxx|80|TCP access denied by ACL from 192.168.1.9/57361 to inside:xxx.xxx.xxx.xxx/80

[GµårÐïåñ]

That would be the NoScript Options|Advanced Tab|ABE Tab|WAN IP Checkbox if that is checked, it will try to reach the NoScript website so that it can determine what the local address is for you and that way secure it using the LOCAL rule inside ABE. Hope this helps, if you want that to stop, simply uncheck that box and you will no longer get the TCP packet traffic.

[TomPIX]

That would be the NoScript Options|Advanced Tab|ABE Tab|WAN IP Checkbox if that is checked, it will try to reach the NoScript website so that it can determine what the local address is for you and that way secure it using the LOCAL rule inside ABE. Hope this helps, if you want that to stop, simply uncheck that box and you will no longer get the TCP packet traffic.

Thanks very much. I spent hours tracking down the source of this PIX traffic and then missed that WAN IP box on the ABE tab. Tom

[GµårÐïåñ]

Not a problem Tom, I deal with Cisco routers, switches, ASA (the new hardware for your PIX 500 series) and work with ACLs on a regular basis and often monitor the network using WireShark, so I knew likely where you were getting that from, glad you got it resolved and that now you know for the future. Don't worry, sometimes the simplest of the causes are the easiest to miss.