Page 1 of 2
[RESOLVED] NoScript breaks google desktop
Posted: Wed Jul 01, 2009 7:32 am
by Morac
The ABE feature is blocking all local traffic to Google and as such blocks Google Desktop's integration feature from working.
I managed to get it working by modifying the SYSTEM.abe file. I tried editing the USER.abe file, but it looks like the system one takes preference.
# Prevent Internet sites (except Google) from requesting LAN resources.
Site LOCAL
ACCEPT from
http://www.google.com
Accept from LOCAL
Deny
Re: NoScript breaks google desktop
Posted: Wed Jul 01, 2009 10:49 am
by Giorgio Maone
@
Morac:
there's no surprise, as web->LAN requests are blocked by the "LocalRodeo" rule you modified.
You changed it correctly, but the following form is both more concise and faster at runtime:
Code: Select all
Site LOCAL
Accept LOCAL www.google.com
Deny
Also, if you can find a more specific rule by observing the notification it would be better, since otherwise I could theoretically (by using a fast-flux DNS) make Google index a CSRF attack of mine and direct the DNS to your LAN when it's browsed from a Google result.
Re: [RESOLVED] NoScript breaks google desktop
Posted: Wed Jul 01, 2009 3:39 pm
by Morac
Well I'm not sure exactly how to make the rule more specific exactly. Google Desktop does run on a specific port, which is randomly chosen when it is installed. Can the rules block incoming traffic except for specific ports?
Re: [RESOLVED] NoScript breaks google desktop
Posted: Wed Jul 01, 2009 3:53 pm
by Giorgio Maone
I'd like to see the exact ABE warning, in order to guess if the origin can be more restricted than the whole
www.google.com.
Re: [RESOLVED] NoScript breaks google desktop
Posted: Wed Jul 01, 2009 11:59 pm
by Morac
The exact warning is (note I Xed out the port number and the unique "s" number just to be safe):
Code: Select all
[ABE] <LOCAL> Deny on {GET http://127.0.0.1:xxxx/search?q=test&num=2&s=XXXXXXXXXX&mode=onebox&cacheid=30 <<< http://www.google.com/search?q=test}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
As such I changed the rule to the following which seems to work:
Code: Select all
Site LOCAL
Accept LOCAL http://www.google.com/search
Deny
Technically Google Desktop still works by itself, but the injection of the local search results into the main Google search was being blocked.
Re: [RESOLVED] NoScript breaks google desktop
Posted: Thu Jul 02, 2009 7:10 am
by Giorgio Maone
OK, then the wisest tweak is actually prepending the default rule with a more specific Accept one, i.e.:
Code: Select all
# Google Desktop exception.
Site ^http://127\.0\.0\.1:\d+/search\?q=
Accept from http://www.google.com/search?q=
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
Re: [RESOLVED] NoScript breaks google desktop
Posted: Thu Jul 02, 2009 3:41 pm
by Morac
Okay thanks.
Re: [RESOLVED] NoScript breaks google desktop
Posted: Thu Jul 02, 2009 6:04 pm
by Reid Rankin
Replacing the contents of SYSTEM.abe with
Giorgio Maone wrote:Code: Select all
# Google Desktop exception.
Site ^http://127\.0\.0\.1:\d+/search\?q=
Accept from http://www.google.com/search?q=
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
Gives me the following error:
line 3:42 no viable alternative at character '='
Re: [RESOLVED] NoScript breaks google desktop
Posted: Thu Jul 02, 2009 7:25 pm
by Giorgio Maone
Hrm, bug.
Use this, it's the same:
Code: Select all
# Google Desktop exception.
Site ^http://127\.0\.0\.1:\d+/search\?q
Accept from http://www.google.com/search?q
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
Re: [RESOLVED] NoScript breaks google desktop
Posted: Thu Jul 02, 2009 7:34 pm
by Reid Rankin
Works fine now.
Re: [RESOLVED] NoScript breaks google desktop
Posted: Thu Jul 02, 2009 11:49 pm
by Morac
Giorgio Maone wrote:
Code: Select all
# Google Desktop exception.
Site ^http://127\.0\.0\.1:\d+/search\?q=
Accept from http://www.google.com/search?q=
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
I replaced SYSTEM.abe with this and I'm still getting deny messages. I'm not sure why though since it looks like the RegExp is correct.
Edit: It's working now. I had to restart Firefox for it to take effect. Is that how it's supposed to work?
Re: [RESOLVED] NoScript breaks google desktop
Posted: Fri Jul 03, 2009 9:50 am
by Giorgio Maone
Morac wrote:I replaced SYSTEM.abe with this and I'm still getting deny messages.
Edit: It's working now. I had to restart Firefox for it to take effect. Is that how it's supposed to work?
It works this way: if you edit the file from the
NoScript Options|Advanced|ABE it gets refreshed immediately.
Otherwise it gets reloaded after one hour at most or when you restart the browser.
Re: [RESOLVED] NoScript breaks google desktop
Posted: Fri Jul 03, 2009 3:22 pm
by mark
I had to change the rule a bit:
Code: Select all
# Google Desktop exception.
Site ^http://127\.0\.0\.1:\d+/search\?q
Accept from http://www.google.com/search
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny
i removed the ?q of the Accept argument because i show my results in english, so i have ..search?hl=en?q
Re: [RESOLVED] NoScript breaks google desktop
Posted: Fri Jul 03, 2009 5:45 pm
by Giorgio Maone
Re: [RESOLVED] NoScript breaks google desktop
Posted: Mon Jul 06, 2009 6:35 pm
by Reid Rankin
Tiny change, I left on the ? after
http://www.google.com/search... Just seemed like better security practice to me. (Who knows what pages on google.com start with the word "search"? Probably none, but why leave it to chance?)
Code: Select all
# Google Desktop exception.
Site ^http://127\.0\.0\.1:\d+/search\?q
Accept from http://www.google.com/search?
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny