Connect to internal IP via telify not triggering ABE

Discussions about the Application Boundaries Enforcer (ABE) module

Post by moggie2002 »

When investigating the first issue I had with customising ABE to allow access to a local system from an external one, I had the following scenario that doesn't trigger an ABE and wondered if it should; it's handy that it doesn't, I'm just not sure why it doesn't.

We have IP-based office phones, and they can make an outgoing call via a web request to their internal web server. We use the telify plugin to turn likely phone numbers into URLs on our local network, so once an external page is fetched, the DOM may have anchor tags to an internal network address. These links *don't* trigger ABEs, even on a site that hasn't been visited before and where no permissions have been granted. AFAIK, I haven't relaxed settings to allow this to work. Any ideas? I'm wondering if arbitrary JS code could modify the DOM to have links to internal addresses and get away with it.

Re: Connect to internal IP via telify not triggering ABE

Post by Giorgio Maone »

If the request is made internally by the plugin, ABE checks are skipped.