Good on you for tackling ABE configuration! It's a very powerful module, but can be challenging.
poutnikl wrote:
Code:
# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny INC
Accept GET from www.getforecastfox.com
Deny
That looks good. I would probably put Accept GET after the Accept from LOCAL, and then drop the Deny INC (just use Deny), but what you have should work fine and be more selective, so long as getforecastfox doesn't actually want to include any resources from LOCAL.
I used Deny INC, as I was afraid Accept GET may cover some activities denied by Deny INC.
Yes, it allows inclusion of resources (scripts, etc), but only for requests initiated by www.getforecastfox.com, which you presumably trust. If you're sure that forecastfox doesn't need to do that, then you made the right choice.
P.S.: If applicable and advised, is it possible to specify which LOCAL resources can be accessed?
Yes, you certainly can specify your own rule for specific hostnames (or more likely IP addresses), and if you have lots of local addresses, that's a good idea. Make sure that it goes above the default rule, since you want it to take precedence. E.g.:
Code:
Site 127.0.0.1
Accept GET from www.getforecastfox.com
Deny
Site LOCAL
Accept from LOCAL
Deny
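
The precedence point above, as an added example that is not part of the original post or NoScript's own code: a simplified Python model of first-match rule evaluation over the two rules shown. `is_local`, `parse` and `decide` are hypothetical helpers; it assumes LOCAL means localhost plus private and loopback IPs, and it models a single ruleset only.

```python
import ipaddress

def is_local(host):
    # Assumed stand-in for ABE's LOCAL alias: localhost or a private/loopback IP.
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # an ordinary public hostname
    return ip.is_private or ip.is_loopback

def matches(pattern, host):
    return is_local(host) if pattern == "LOCAL" else pattern == host

def parse(text):
    # Each "Site ..." line opens a rule; later lines are "Action [METHODS] [from ORIGINS]".
    rules = []
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if not words:
            continue
        if words[0] == "Site":
            rules.append((words[1:], []))
        else:
            cut = words.index("from") if "from" in words else len(words)
            rules[-1][1].append((words[0], words[1:cut], words[cut + 1:]))
    return rules

def decide(rules, origin, dest, method, inclusion=False):
    # The first rule whose Site matches and that has a matching predicate decides.
    for sites, predicates in rules:
        if not any(matches(s, dest) for s in sites):
            continue
        for action, methods, origins in predicates:
            method_ok = not methods or method in methods or (inclusion and "INC" in methods)
            origin_ok = not origins or any(matches(o, origin) for o in origins)
            if method_ok and origin_ok:
                return action
    return "Accept"  # no rule applies to this destination

FOX = "www.getforecastfox.com"
LOOPBACK_RULE = f"Site 127.0.0.1\nAccept GET from {FOX}\nDeny\n"  # rule text from the post
LOCAL_RULE = "Site LOCAL\nAccept from LOCAL\nDeny\n"               # default rule from the post

if __name__ == "__main__":
    for name, text in [("specific rule first", LOOPBACK_RULE + LOCAL_RULE),
                       ("default rule first", LOCAL_RULE + LOOPBACK_RULE)]:
        print(name, "->", decide(parse(text), FOX, "127.0.0.1", "GET"))
```

With the specific rule first the GET to 127.0.0.1 is accepted while every other LOCAL address stays denied; with the default rule first the same request never reaches the exception.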