Page 1 of 1
[UNRELATED] Strange ABE googleapis deny
Posted: Tue May 28, 2013 12:00 pm
by Shambler
I have .googleapis.com locked down with ABE, but on this site, I am getting strange ABE denies:
http://research.stlouisfed.org/fred2/graph/
I have the following test ABE rule (the one I actually use is bigger, but using this one for debugging):
Code: Select all
Site .googleapis.com
Accept ALL from SELF
Accept ALL from SELF+
Accept ALL from SELF++
Accept ALL from .stlouidfed.org
Accept ALL from .googleapis.com
Accept ALL from LOCAL
Deny
This is the error I get in the web console:
Code: Select all
[ABE] <.googleapis.com> Deny on {GET http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js <<< http://research.stlouisfed.org/fred2/graph/# - 2}
USER rule:
Site .googleapis.com
Accept ALL from SELF
Accept ALL from SELF+
Accept ALL from SELF++
Accept ALL from .stlouidfed.org
Accept ALL from .googleapis.com
Accept ALL from LOCAL
Deny
I don't understand why that is getting denied? I've been through the ABE documentation and tried as many different rules as I can, and all that works is 'Accept ALL' on its own, or removing 'Deny'.
Re: Strange ABE googleapis deny
Posted: Wed May 29, 2013 3:20 am
by Thrawn
You've mistyped 'stlouisfed' as 'stlouidfed'
You also have redundant clauses in that rule, but they're not the problem, they're just a waste of space.
Try this:
Code: Select all
Site .googleapis.com
Accept from SELF++ .stlouisfed.org
Accept from LOCAL
Deny
By the way, do you really need to allow access from LOCAL? Unless you have a local server running on your network, it shouldn't be needed.
Re: Strange ABE googleapis deny
Posted: Wed May 29, 2013 2:07 pm
by Shambler
Oops
that typo is unfortunate, as the problem occurs even when typed properly:
Code: Select all
[ABE] <.googleapis.com> Deny on {GET https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.12/jquery-ui.min.js <<< http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.12/jquery-ui.min.js, http://research.stlouisfed.org/fred2/graph/ - 2}
USER rule:
Site .googleapis.com
Accept from SELF++ .stlouisfed.org
Accept from LOCAL
Deny
The SELF/LOCAL etc. parts are all redundant, yes; I put them in just to try out different things that may fix unseen issues.
Re: Strange ABE googleapis deny
Posted: Wed May 29, 2013 9:29 pm
by Thrawn
I can't reproduce this. I've added the abovementioned ABE rule (shorter version) and whitelisted
http://ajax.googleapis.com and
http://research.stlouisfed.org, but I get no ABE error or message.
Can you post the exact steps that you're following?
Re: Strange ABE googleapis deny
Posted: Fri May 31, 2013 2:39 pm
by Shambler
Ah interesting, this seems to be a problem with the HTTPS Everywhere plugin:
https://www.eff.org/https-everywhere
When I enable that with these ABE rules, the graph tool breaks, but when I have it disabled, it works fine.
The strange thing is, I've looked thoroughly at the HTTPS Everywhere ruleset, and I can't see anything which points to the graph tool website; that's really odd.
Any idea why this may be conflicting with HTTPS Everywhere?
Re: Strange ABE googleapis deny
Posted: Fri May 31, 2013 2:45 pm
by Shambler
Ah, disabling Google API's in HTTPS Everywhere fixes this; I've let the HTTPS Everywhere guys know.