Page 1 of 1
ABE blocks everything non-HTML
Posted: Sun Oct 24, 2010 11:37 pm
by Zerofire
I have some pages that ABE is blocking images, CSS, and JavaScript. This is kinda annoying especially since one site is Blackboard from the institution I am attending. There is no ABE warning for these sites. To make matters worse I am not permitted to turn ABE off by my employer. On these pages if you attempt to view the code it is blank. This also seams to only happen when the server is on the same network as the computer. For example if I go to Blackboard from my employer's network everything is fine but if it is from the institutions it becomes a problem. Likewise happens for my employers site on some pages.
Re: ABE blocks everything non-HTML
Posted: Mon Oct 25, 2010 2:27 pm
by therube
By chance have Options | HTTPS, Force HTTPS set to Always.
Re: ABE blocks everything non-HTML
Posted: Mon Oct 25, 2010 2:54 pm
by Giorgio Maone
Zerofire wrote:This also seams to only happen when the server is on the same network as the computer.
This may mean that a page located on internet is trying to load stuff from a server in your intranet.
Could you check whether [ABE] messages appear in
Tools|Error Console?
Re: ABE blocks everything non-HTML
Posted: Tue Oct 26, 2010 2:49 am
by Zerofire
There are messages for each image and Javascript file.
[ABE] <LOCAL> Deny on {GET http://www.[site].com/css/init.css <<< http://www.[site].com/, http://www.[site].com/ - 4}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
This is very strange as they are being called via a relative link from the site root and the URL of the domain is being used not a local IP.
Re: ABE blocks everything non-HTML
Posted: Tue Oct 26, 2010 7:22 am
by Giorgio Maone
Zerofire wrote:There are messages for each image and Javascript file.
[ABE] <LOCAL> Deny on {GET http://www.[site].com/css/init.css <<< http://www.[site].com/, http://www.[site].com/ - 4}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny
This is very strange as they are being called via a relative link from the site root and the URL of the domain is being used not a local IP.
There's only one explanation to this situation: "
www.site.com" resolves
both to a local
and an internet IP.
This may be intentional, or a DNS misconfiguration (it's also common in DNS rebinding attacks, and that's why ABE blocks it, but it doesn't seem to be your case).
At any rate, the work-around is inserting the following rule in the
beginning of your
NoScript Options|Advanced|ABE SYSTEM ruleset:
Re: ABE blocks everything non-HTML
Posted: Tue Oct 26, 2010 3:52 pm
by Zerofire
That's very weird as I am very sure that the URL resolves to the WAN IP and not an internal one. The systems also use external (outside the network) DNS systems so the only IP that they can see is the WAN IP and no internal IP's. This is for the site hosting and each unit as we do not maintain our own DNS. Do you know of any routers that might be smart enough to be injecting a local IP? DD-WRT perhaps?