I would like to try out Icedove-UXP, but the ABE NAT Pinning Rule is blocking the download links - https://wiki.hyperbola.info/doku.php?id ... cedove-uxp
If I add exception for this, will I be vulnerable to NAT pinning?
[RESOLVED] NAT Pinning rule question
[RESOLVED] NAT Pinning rule question
*Always* check the changelogs BEFORE updating that important software!
-
-
Giorgio Maone
- Site Admin
- Posts: 9506
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: NAT Pinning rule question
What does your exception look like?
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Re: NAT Pinning rule question
I haven't added one, but if I did I would probably try this -
Code: Select all
Site https://repo.hyperbola.info:50000/* https://git.hyperbola.info:50100/*
Accept from ^https://(?:[^/:]+\.)?hyperbola\.info[/:]*Always* check the changelogs BEFORE updating that important software!
-
-
Giorgio Maone
- Site Admin
- Posts: 9506
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: NAT Pinning rule question
That's perfectly fine: it's specific enough, and uses https, so it couldn't be used for rebinding unless the attacker owns a valid hyperbola.info certificate, which would be a bigger trouble opening for much easier attacks.barbaz wrote:I haven't added one, but if I did I would probably try this -Code: Select all
Site https://repo.hyperbola.info:50000/* https://git.hyperbola.info:50100/* Accept from ^https://(?:[^/:]+\.)?hyperbola\.info[/:]
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Re: NAT Pinning rule question
Cool. Thanks Giorgio! 
*Always* check the changelogs BEFORE updating that important software!
-