Page 1 of 1
ABE rules triggering messages for some rules
Posted: Fri Jan 17, 2014 11:03 am
by access2godzilla
I have the following rules in ABE:
Code: Select all
Site .googlesyndication.com .google-analytics.com .adzerk.net .scorecardreasearch.com cdn-careers.sstatic.net .quantserve.com .chartbeat.com .2mdn.net .revsci.net .criteo.com .krxd.net .amazon-adsystem.com .doubleclick.net .adobetag.com .fbcdn.net .peer39.net demdex.net .adsonar.com .crwdcntrl.com .2o7.net .omtrdc.net .troveread.com .mathtag.com .parsely.com
Deny
Site .reddit.com .stumbleupon.com .twitter.com
Accept from SELF
Deny
Site .google.com
Accept from .youtube.com .blogspot.com
Accept from SELF
Deny
On this page:
http://arstechnica.com/information-tech ... lesystems/ , if I scroll down to the end, I get this:
Code: Select all
Request {GET hxxp://www. reddit. com / static/ button /button3. html ? (snipped due to spam filter) - 7} filtered by ABE: < .reddit.com .stumbleupon.com .twitter.com> Deny
I know that I can turn off ABE notifications, but why does this specific rule generate a message?
Re: ABE rules triggering messages for some rules
Posted: Fri Jan 17, 2014 11:43 am
by Thrawn
Can you send the whole message to a moderator via private message?
The second rule restricts reddit to receive requests only from itself, which may be your problem.
Re: ABE rules triggering messages for some rules
Posted: Sat Jan 18, 2014 4:50 pm
by access2godzilla
Re: ABE rules triggering messages for some rules
Posted: Sat Jan 18, 2014 5:12 pm
by barbaz
Script permission status of those sites?
Could you please post also the messages in the Browser Console?
Re: ABE rules triggering messages for some rules
Posted: Sun Jan 19, 2014 11:41 am
by access2godzilla
Scripts globally allowed, no sites in untrusted. All other settings are same as the defaults.
I can't post anything from the browser console here due to the spam filter, but the general structure is:
Code: Select all
[ABE] <<site>> <action> on {<request type> <url> <<< <document> - <number>}
USER rule:
<ruleset>
To see what is actually generated, you can put in my rules.
Just to clarify, my question is, why would some specific rules generate a message while others do not?
Re: ABE rules triggering messages for some rules
Posted: Sun Jan 19, 2014 3:07 pm
by barbaz
OK, reproduced. Unfortunately the washingtonpost message got lost, but here's the reddit one with irrelevant parts snipped:
Code: Select all
[ABE] <.reddit.com .stumbleupon.com .twitter.com> Deny on {GET http://www.reddit.com/ [ ETC ] <<< (snip) arstechnica (snip) - 7}
USER rule:
Site .reddit.com .stumbleupon.com .twitter.com
Accept from SELF
Deny
Note the number 7:
Looks like the notification is firing for iframes, even though it's not supposed to: (emphasis added by me)
http://noscript.net/abe/users.html wrote:If ACTION is Deny and the blocked request is targeted to a
*top-level* window, an user-facing notification is also issued, with an Options button which lands directly in the ABE configuration panel.
Re: ABE rules triggering messages for some rules
Posted: Sat Apr 19, 2014 8:34 pm
by SeanM
While tinkering with
doubleclick.net in ABE, I ran into the subject matter of this thread. To wit, the following is displayed at the top of the display:
Code: Select all
[ABE] <.doubleclick.net> Deny on {GET http://3687047.fls.doubleclick.net/activityi;src=3687047;type=retar754;cat=retar424;ord=1856690113655.9634? <<< http://www.classmates.com/places/school/West-High-School/25?startYear=1963&endYear=1969&type=registration - 7} filtered by ABE: <.doubleclick,net> Deny
The associated USER rule:
Code: Select all
Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm
Accept from .americanexpress.com
Accept from .nysaves.org
Accept from .pandora.com
Deny
I have checked "
iFrame" under "Embeddings". After I parsed out the message (above), I added "Deny INCLUSION" to the ABE rule, to read:
Code: Select all
Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm
Accept from .americanexpress.com
Accept from .nysaves.org
Accept from .pandora.com
Deny INCLUSION
Deny
The message to the display no longer appears, rather logs correctly (and only) to the Error Console. Is the behavior correct, or is NoScript diplaying the error regardless of the "Notifications" settings ?
Re: ABE rules triggering messages for some rules
Posted: Mon Apr 21, 2014 7:48 pm
by barbaz
SeanM wrote:I have checked "iFrame" under "Embeddings".
Apparently, this bug also applies to <frame> elements.
SeanM wrote:The message to the display no longer appears, rather logs correctly (and only) to the Error Console. Is the behavior correct, or is NoScript diplaying the error regardless of the "Notifications" settings ?
NoScript does correctly obey the ABE notification setting. The problem is that it's not correctly identifying whether a window is top-level, so it's erroneously firing the notification.
I suppose what's going on might be that when it's hitting "Deny INC", it *knows* that the blocked resource isn't displayed as a top-level window, so it doesn't fire the notification.
(Side note: For performance reasons, I suggest you edit your ABE rule to look like this:
Code: Select all
Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm .americanexpress.com .nysaves.org .pandora.com
Deny INCLUSION
Deny
)
Re: ABE rules triggering messages for some rules
Posted: Tue Apr 22, 2014 8:20 am
by Giorgio Maone
barbaz wrote: The problem is that it's not correctly identifying whether a window is top-level, so it's erroneously firing the notification.
I suppose what's going on might be that when it's hitting "Deny INC", it *knows* that the blocked resource isn't displayed as a top-level window, so it doesn't fire the notification.
Investigating, thanks.
Re: ABE rules triggering messages for some rules
Posted: Thu May 01, 2014 2:50 am
by Guest
(Side note: For performance reasons, I suggest you edit your ABE rule to look like this:
Code: Select all
Site .doubleclick.net
Accept from SELF++
Accept from *.last.fm .americanexpress.com .nysaves.org .pandora.com
Deny INCLUSION
Deny
And what this?
Code: Select all
Site .doubleclick.net
Accept from SELF++
*.last.fm .americanexpress.com .nysaves.org .pandora.com
Deny INCLUSION
Deny
