Page 1 of 2
[RESOLVED] Block non-host scripts?
Posted: Fri Aug 20, 2010 4:26 pm
by CaptainUberCool
Hi, I'm sure there is a way, because noscript is just awesome. but is it possible to block scripts that do not originate from the host, but still whitelist them when on their respective domains? example, google, youtube, facebook etc.
Thanks.
Re: Block non-host scripts?
Posted: Fri Aug 20, 2010 4:29 pm
by Giorgio Maone
Re: Block non-host scripts?
Posted: Fri Aug 20, 2010 4:32 pm
by CaptainUberCool
Thanks for the quick response man! exactly what i was looking for; i saw it somewhere before, i just couldn't remember where.
Cheers. (:
Re: Block non-host scripts?
Posted: Fri Aug 20, 2010 4:39 pm
by CaptainUberCool
Just a quick question with wildcards. would this be a legitimate rule?
Site google.* *.google.*
Accept from google.* *.google.*
Deny
or would i have to specify the TLDs separately?
Thanks.
Re: Block non-host scripts?
Posted: Fri Aug 20, 2010 4:45 pm
by Giorgio Maone
CaptainUberCool wrote:Just a quick question with wildcards. would this be a legitimate rule?
Site google.* *.google.*
Accept from google.* *.google.*
Deny
or would i have to specify the TLDs separately?
It's OK, but you can collapse google.* and *.google.* into .google.*, so it becomes
Code: Select all
Site .google.*
Accept from .google.*
Deny
Re: Block non-host scripts?
Posted: Fri Aug 20, 2010 4:48 pm
by CaptainUberCool
and .google.* would still include a domain that doesn't contain
www.? ie just google.com or instance.
Thanks.
Re: Block non-host scripts?
Posted: Fri Aug 20, 2010 4:50 pm
by Giorgio Maone
CaptainUberCool wrote:and .google.* would still include a domain that doesn't contain
www.? ie just google.com or instance.
Yes it would.
.google.com matches both
http://www.google.com and google.com, while *.google.com matches all the subdomains but NOT google.com, and google.com matches only google.com.
Re: Block non-host scripts?
Posted: Fri Aug 20, 2010 4:59 pm
by CaptainUberCool
Thanks man, a very useful feature!
Thanks again. (:
Re: Block non-host scripts?
Posted: Fri Aug 20, 2010 5:41 pm
by CaptainUberCool
it appears that some GET requests are being blocked. signing into youtube, which requires google.com and google.com's rss feeds homepage which requires gmodules.com.
i can sign into gmail ok, from there i can access my rss homepage, but obviously still not youtube.
here are the broken rules:
Code: Select all
# block google except on google
Site .google.*
Accept from .google.*
Deny
# block youtube
Site .youtube.*
Accept from .youtube.*
Deny
i have tried
Code: Select all
# block google except on google
Site .google.* .gmodules.*
Accept from .google.*
Deny
# block youtube
Site .youtube.* .google.*
Accept from .youtube.*
Deny
but to no avail.
here are snapshots of the error messages.
google.co.uk
http://img695.imageshack.us/img695/678/snapshot8j.jpg
youtube.co.uk
http://img808.imageshack.us/img808/3049/snapshot7y.jpg
Thanks. sorry to take up your time.
Re: Block non-host scripts?
Posted: Fri Aug 20, 2010 6:27 pm
by Giorgio Maone
Rather than DENYing everything, you probably want to deny only some kinds of INCLUSIONs, e.g. SCRIPTs and OBJects:
Code: Select all
Site .google.*
Accept from .google.*
Deny INCLUSION(SCRIPT, OBJ)
Furthermore, you can choose to ACCEPT requests from some sites (.gmodules.com and .youtube.com in this case), e.g.:
Code: Select all
Site .google.*
Accept from .google.* .youtube.com .gmodules.com
Deny INCLUSION(SCRIPT, OBJ)
Please check the docs at
http://noscript.net/abe for more details.
Re: [RESOLVED] Block non-host scripts?
Posted: Sat Aug 21, 2010 6:35 am
by Guest
Thanks, i read over that post you linked. It, was interesting. it seems simple enough, but if it's not too much trouble, could i run a couple of questions by you?
i noticed the recaptchas on certain sites broke, so i amended the google rule. is it still valid?
Code: Select all
Site .google.com/recaptcha* // i added these two lines.
Accept from ALL
Site .google.*
Accept from .google.* .youtube.* .gmodules.*
Deny INCLUSION(SCRIPT, OBJ)
secondly, there is an article here:
http://arstechnica.com/business/guides/ ... acking.ars
that states a rule like this is necessary.
Code: Select all
Site http://ad.doubleclick.net/adj/ars.dart/
Accept from arstechnica.com *.arstechnica.com
Deny
Site doubleclick.net *.doubleclick.net
Deny
wouldn't:
Code: Select all
Site http://ad.doubleclick.net/adj/ars.dart/
Accept from arstechnica.com *.arstechnica.com
Deny
be suffice?
i just want to clear up some misunderstandings before i start making rules. thank you.
Re: [RESOLVED] Block non-host scripts?
Posted: Sat Aug 21, 2010 7:17 am
by Giorgio Maone
Guest wrote:
i noticed the recaptchas on certain sites broke, so i amended the google rule. is it still valid?
Code: Select all
Site .google.com/recaptcha* // i added these two lines.
Accept from ALL
Site .google.*
Accept from .google.* .youtube.* .gmodules.*
Deny INCLUSION(SCRIPT, OBJ)
It's fine, provided that "// i added these two lines" is not really there.
Comments can only be introduced by a "#" at the beginning of the line.
Guest wrote:
secondly, there is an article here:
http://arstechnica.com/business/guides/ ... acking.ars
that states a rule like this is necessary.
Code: Select all
Site http://ad.doubleclick.net/adj/ars.dart/
Accept from arstechnica.com *.arstechnica.com
Deny
Site doubleclick.net *.doubleclick.net
Deny
wouldn't:
Code: Select all
Site http://ad.doubleclick.net/adj/ars.dart/
Accept from arstechnica.com *.arstechnica.com
Deny
be suffice?
Yes. However Ars Technica's rules blocks
any request (not just scripts and active content) for doubleclick.com.
Their rule could be simplified using the collapsed "domain + subdomains" form, though:
Code: Select all
Site http://ad.doubleclick.net/adj/ars.dart/
Accept from .arstechnica.com
Site .doubleclick.net
Deny
Re: Block non-host scripts?
Posted: Sun Aug 22, 2010 1:31 pm
by tlu
Giorgio Maone wrote:
.google.com matches both
http://www.google.com and google.com, while *.google.com matches all the subdomains but NOT google.com, and google.com matches only google.com.
Giorgio, it seems that I'm having a mental block right now. I'm not able to fully understand the difference between .google.com and *.google.com
Could you please give some examples how this syntax really works?
Re: [RESOLVED] Block non-host scripts?
Posted: Sun Aug 22, 2010 3:37 pm
by dhouwn
- .example.com matches example.com and bla.example.com
- *.example.com just matches bla.example.com
It's an extension to the common globbing mechanism.
Re: [RESOLVED] Block non-host scripts?
Posted: Sun Aug 22, 2010 5:05 pm
by tlu
dhouwn wrote:- .example.com matches example.com and bla.example.com
- *.example.com just matches bla.example.com
It's an extension to the common globbing mechanism.
Ah - thank you. This makes it clearer. (I told you I had a mental block
)