ABE LOCAL rule and GetForecastFox extension

[poutnikl]

I use great weather forecast FF extension Getforecastfox, based on AccuWeather data.
Configuration of extension is done by invoking page on http://www.getforecastfox.com, JS required.

When I enabled SYSTEM LOCAL ABE rule, it stopped working, until I weakened LOCAL rule to allow access from www.getforecastfox.com.

Currently I use the following code, but as I am newbie to ABE and HTTP internal things,
I would like if revised a/o adviced better settings.

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny INC
Accept GET from www.getforecastfox.com
Deny

I used Deny INC, as I was afraid Accept GET may cover some activities denied by Deny INC

P.S.: If applicable and adviced, is possible to specify which LOCAL resources can be accessed ?

[Thrawn]

Good on you for tackling ABE configuration! It's a very powerful module, but can be challenging.

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
Deny INC
Accept GET from www.getforecastfox.com
Deny

That looks good. I would probably put Accept GET after the Accept from LOCAL, and then drop the Deny INC (just use Deny), but what you have should work fine and be more selective, so long as getforecastfox doesn't actually want to include any resources from LOCAL.

I used Deny INC, as I was afraid Accept GET may cover some activities denied by Deny INC

Yes, it allows inclusion of resources (scripts, etc), but only for requests initiated by www.getforecastfox.com, which you presumably trust. If you're sure that forecastfox doesn't need to do that, then you made the right choice .

P.S.: If applicable and adviced, is possible to specify which LOCAL resources can be accessed ?

Yes, you certainly can specify your own rule for specific hostnames (or more likely IP addresses), and if you have lots of local addresses, that's a good idea. Make sure that it goes above the default rule, since you want it to take precedence. Eg:

Code: Select all

Site 127.0.0.1
Accept GET from www.getforecastfox.com
Deny

Site LOCAL
Accept from LOCAL
Deny

[warp-9.9]

I've tried these suggested rules in ABE / SYSTEM area, as well as variations, and they do not work, none of them, at all. I must manually click "Allow" button every time I want to customize the Forecastfox extension, which actually does nothing when I click it. Banner remains, Allow button remains, configuration page not functional. Any suggestions?

[warp-9.9]

Sorry for double post, I was not registered or logged in before. I have these ABE SYSTEM rules, which did not prevent the "Allow" button from appearing, and did not make the Allow button work. However, subsequently clicking the "x" to close the red banner did allow the Forecastfox customization page to work properly.

Code: Select all

# Prevent Internet sites from requesting LAN resources.
Site LOCAL
Accept from LOCAL
# Allow Forecastfox customization page.
Accept GET from www.getforecastfox.com
Deny

Could this rule be modified to prevent the red warning banner with the Allow button? Is it something better suited for XSS? I want this extension to operate without so much hassle. Could you possibly see about adding a default rule for it, even if commented out at first. At least it'd be there and we could see quickly how to enable it.

[barbaz]

???
"Red banner"? Doesn't sound like NoScript...
What does it actually say?

Also, any related messages in the Browser Console? (Ctrl-Shift-J)