load only from current domain

Discussions about the Application Boundaries Enforcer (ABE) module

Post by guest »

Need help with ABE. I only want to load from the current domain and stop other domains.

Code:

Site thissite.com
Accept ALL from thissite.com
Deny ALL

That's what I tried, but it didn't work.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729)
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: load only from current domain

Post by Giorgio Maone »

What does "didn't work" mean?
The code you used should work (allowing requests from the site itself only).
Notice that you can shorthand it as

Code:

Site thissite.com
Accept from SELF
Deny

and if you want to include subdomains,

Code:

Site .thissite.com
Accept from SELF++
Deny
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13

Re: load only from current domain

Post by guest »

Code:

Site .thissite.com
Accept from SELF++
Deny

The code above didn't work. I did change to the real domain!

The website loads images from other domains. I want to only load files from thissite.com.
Even after I put the code in USER, the site still loads the images.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729)

Re: load only from current domain

Post by Giorgio Maone »

Is ABE enabled?
Can I see a screenshot of your NoScript Options|Advanced|ABE panel and know the real site (you can PM me the address, if you prefer so)?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13

Re: load only from current domain

Post by Giorgio Maone »

Got your private message.
It looks like you want to use ABE "the reverse way", i.e. as an ad blocker (blocking outbound requests, FROM thissite.com TO other sites) rather than as a CSRF protector (blocking inbound requests TO thissite.com).

The way to achieve this is

Code:

# block any load originating from .thissite.com, 
# except when the destination is .thissite.com itself
# both the rules need to be put in the same ruleset, in this exact order
Site .thissite.com
Accept

Site *
Deny from .thissite.com
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
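
An added illustration (not part of the original posts, and not NoScript's own code): a simplified Python model of the matching discussed in this thread, where "Site" patterns match the request destination and "from" patterns match its origin. Host-only matching, the two-label base domain, and the sample host ads.example.net are assumptions of this sketch.

```python
# Simplified model of ABE matching (an assumption-laden sketch, not NoScript code):
# "Site" patterns match the request DESTINATION, "from" patterns match its ORIGIN,
# and within one ruleset the first rule/predicate that matches decides.
NO_RULE = "no rule (request proceeds)"

def host_matches(pattern, host):
    """'*' matches any host; '.example.com' matches the domain and its subdomains."""
    if pattern == "*":
        return True
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def base_domain(host):
    # Crude stand-in for a public-suffix lookup: keep the last two labels.
    return ".".join(host.split(".")[-2:])

def origin_matches(origin_pat, origin, dest):
    if origin_pat is None:              # predicate without "from": any origin
        return True
    if origin_pat == "SELF":
        return origin == dest
    if origin_pat == "SELF++":
        return base_domain(origin) == base_domain(dest)
    return host_matches(origin_pat, origin)

def decide(ruleset, origin, dest):
    """ruleset: list of (site_pattern, [(action, origin_pattern), ...])."""
    for site, predicates in ruleset:
        if not host_matches(site, dest):
            continue
        for action, origin_pat in predicates:
            if origin_matches(origin_pat, origin, dest):
                return action
    return NO_RULE

# Constructed rulesets mirroring the two approaches in this thread.
INBOUND = [(".thissite.com", [("Accept", "SELF++"), ("Deny", None)])]
OUTBOUND = [(".thissite.com", [("Accept", None)]),
            ("*", [("Deny", ".thissite.com")])]

# Constructed requests: (origin host, destination host).
REQUESTS = {
    "page loads third-party image": ("www.thissite.com", "ads.example.net"),
    "page loads its own image": ("www.thissite.com", "img.thissite.com"),
    "other site requests thissite": ("ads.example.net", "www.thissite.com"),
}

if __name__ == "__main__":
    for label, (origin, dest) in REQUESTS.items():
        print(f"{label}: inbound={decide(INBOUND, origin, dest)}, "
              f"outbound={decide(OUTBOUND, origin, dest)}")
```

In this model the inbound ruleset never sees the third-party image load because its Site line does not match the destination, while the outbound ruleset accepts every request aimed at thissite.com and so offers no CSRF protection on its own.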

Re: load only from current domain

Post by guest »

That site has too many ads and I don't want to use an adblocker for each domain.
People should use this method when the site uses <a img=".." /> from a lot of different domains.

I read the wiki about CSRF, but didn't quite get it.
So CSRF can steal my information if I'm logged in to MySpace or a bank?

Code:

<img src="http://bank.example.com/withdraw?account=bob&amount=1000000&for=mallory">

That wiki example, is it always an image?
Is that code posted by a malicious web admin or user?
What exactly can they do if I get hit by the CSRF?

Code:

Site .myspace.com
Accept ALL from SELF++
Deny ALL

Can that code protect a MySpace account?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729)