Connect to internal IP via telify not triggering ABE
Posted: Mon May 14, 2012 4:48 pm
When investigating the first issue I had with customising ABE to allow access to a local system from an exernal one, I had the following scenario that doesn't trigger an ABE and wondered if it should; it's handy that it doesn't, I'm just not sure why it doesn't.
We have IP based office phones, and they can make an outgoing call via a web request to their internal web server. We use the telify plugin to turn likely phone numbers into URL's on our local network, so once an external page is fetched, the DOM may have anchor tags to an internal network address. These links *don't* trigger ABE's, even on a site that hasn't been visited before and where no permissions have been granted. AFAIK, I haven't relaxed settings to allow this to work. Any ideas? I'm wondering if arbitrary JS code could modify the DOM to have links to internal addresses and get away with it.
We have IP based office phones, and they can make an outgoing call via a web request to their internal web server. We use the telify plugin to turn likely phone numbers into URL's on our local network, so once an external page is fetched, the DOM may have anchor tags to an internal network address. These links *don't* trigger ABE's, even on a site that hasn't been visited before and where no permissions have been granted. AFAIK, I haven't relaxed settings to allow this to work. Any ideas? I'm wondering if arbitrary JS code could modify the DOM to have links to internal addresses and get away with it.