InformAction Forums

Posted: **Fri Nov 12, 2010 11:28 am**

when the iframe is DNS cached

Site http:
Anon INC from https:

Load this via https:

Code: Select all

<iframe src="http://example.org"></iframe>

Fx 3.6.12, NS 2.0.5.1

Before http://example.org is DNS cached, everything is fine, the iframe is blocked, the Anon rule is not triggered, and the page has a secure status.

But if http://example.org is loaded first, when loading the test page:

you can see the iframe briefly load, then get replaced by the placeholder
the iframe request makes it out to the network
Anon rule is triggered twice (error console)
page ends up with a mixed status

Posted: **Fri Nov 12, 2010 11:49 am**

Investigating, thanks.

Posted: **Fri Nov 12, 2010 12:26 pm**

If the iframe is loaded by ip:

Code: Select all

<iframe src="http://192.0.32.10/"></iframe>

the problem manifests immediately, on first load of the secure page, since no dns caching is needed

Posted: **Sun Nov 14, 2010 9:52 pm**

Fixed in latest development build.

Posted: **Mon Nov 15, 2010 2:52 am**

Giorgio Maone wrote:Fixed in latest development build.

Confirmed, but, when the iframe is included by ip, ABE reacts even though this request never happens. I believe a similar thing happens with the XSS filter, which also reacts to blocked requests. Can you, in these cases, kind of "look ahead" and not bother with requests that will be blocked?

Also, please look at this.

Posted: **Mon Nov 15, 2010 7:34 am**

al_9x wrote: Can you, in these cases, kind of "look ahead" and not bother with requests that will be blocked?

Unfortunately no.

InformAction Forums

ABE Anon HTTP: from HTTPS: rule breaks iframe blocking

ABE Anon HTTP: from HTTPS: rule breaks iframe blocking

Re: ABE Anon HTTP: from HTTPS: rule breaks iframe blocking

Re: ABE Anon HTTP: from HTTPS: rule breaks iframe blocking

Re: ABE Anon HTTP: from HTTPS: rule breaks iframe blocking

Re: ABE Anon HTTP: from HTTPS: rule breaks iframe blocking

Re: ABE Anon HTTP: from HTTPS: rule breaks iframe blocking