diff --git a/4.2.3-uMatrix.md b/4.2.3-uMatrix.md deleted file mode 100644 index 740fd54..0000000 --- a/4.2.3-uMatrix.md +++ /dev/null 
@@ -1,58 +0,0 @@ -:small_orange_diamond: **Block TLDs** - -There are [over 1,500 TLDs in existence today](https://www.icann.org/registrar-reports/accredited-list.html), many of which are widely abused - see [this](https://krebsonsecurity.com/2018/06/bad-men-at-work-please-dont-click/) Krebs on Security article. Also [this](https://krebsonsecurity.com/2018/03/omitting-the-o-in-com-could-be-costly/) one. Blocking TLDs can be overly broad and akin to playing whack-a-mole. A more precise and effective strategy is to use uMatrix / uBlock Origin in hardened configurations. - -Example: blocking [.cm](https://en.wikipedia.org/wiki/.cm) which is the [ccTLD](https://en.wikipedia.org/wiki/Country_code_top-level_domain) for Cameroon. Note: you will need both lines if you allow 1st-party (`* 1st-party * allow`), as the way uMatrix works, narrow rules win over broader rules. - -``` -* cm * block -cm 1st-party * block -``` - -For ABP-compatible syntax (such as uBlock Origin, Adblock Plus), this would be: - -``` -||cm^ -``` - -:small_orange_diamond: **Prevent Internet sites from requesting LAN resources** ( thanks @theWalkingDuck ) - -this is/was the only default ABE rule in Noscript: -``` -# Noscript -# Prevent Internet sites from requesting LAN resources. - -Site LOCAL -Accept from LOCAL -Deny -``` - -We can easily rewrite it in the uMatrix way `[source] [destination] [content] [action]`. - -For example `* 127.0.0.1 * block` means `[any source] [trying to access 127.0.0.1] [for any content] [should be BLOCKED]` - -NoScript's `Site LOCAL` `Deny` part in uMatrix: -``` -# uMatrix -# Prevent Internet sites from requesting LAN resources. - -* 127 * block ### block access to IPv4 localhost 127.x.x.x -* localhost * block -* [::1] * block ### block access to IPv6 localhost -* 192.168 * block ### block access to LAN 192.168.x.x -``` -NOTE: 192.168.x.x is the most commonly used private network range. 
If you're using one of the [alternatives](https://en.wikipedia.org/wiki/Private_network), 10.0.0.0/8 or 172.16.0.0/12, adjust your rules accordingly. (see @crssi's [comment](https://github.com/arkenfox/user.js/issues/319#issuecomment-364119775) for details - thanks @crssi) - -The best practice is to use a separate browser for accessing local resources or using a temporary allow if needed ... but for those who need it permanently: -``` -# uMatrix -# Accept from LOCAL - -127 127 * allow -localhost localhost * allow -[::1] [::1] * allow -192.168 192.168 * allow -``` -btw, don't forget to remove the `matrix-off: localhost true` rule. - ---- \ No newline at end of file
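Review bot: Deleting 4.2.3-uMatrix.md outright drops the "Prevent Internet sites from requesting LAN resources" section, and nothing in this diff moves those rules elsewhere or leaves a pointer to a replacement. If the page is being retired, consider keeping a short stub that links to wherever the content now lives, or state in the commit message that the removal is intentional. If any of the section is carried over, note that its block list covers only the 127, localhost, [::1] and 192.168 entries (for example `* 192.168 * block`), while 10.0.0.0/8 and 172.16.0.0/12 are left to a prose note. Explicit rules for those two ranges would make a carried-over version complete when copied as-is.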