mirror of
https://github.com/arkenfox/user.js.git
synced 2024-11-25 20:11:38 +01:00
Destroyed 4.2.3 uMatrix (markdown)
parent
3045c8be49
commit
bafde517d8
@ -1,58 +0,0 @@
|
|||||||
:small_orange_diamond: **Block TLDs**
|
|
||||||
|
|
||||||
There are [over 1,500 TLDs in existence today](https://www.icann.org/registrar-reports/accredited-list.html), many of which are widely abused - see [this](https://krebsonsecurity.com/2018/06/bad-men-at-work-please-dont-click/) Krebs on Security article. Also [this](https://krebsonsecurity.com/2018/03/omitting-the-o-in-com-could-be-costly/) one. Blocking TLDs can be overly broad and akin to playing whack-a-mole. A more precise and effective strategy is to use uMatrix / uBlock Origin in hardened configurations.
|
|
||||||
|
|
||||||
Example: blocking [.cm](https://en.wikipedia.org/wiki/.cm) which is the [ccTLD](https://en.wikipedia.org/wiki/Country_code_top-level_domain) for Cameroon. Note: you will need both lines if you allow 1st-party (`* 1st-party * allow`), as the way uMatrix works, narrow rules win over broader rules.
|
|
||||||
|
|
||||||
```
|
|
||||||
* cm * block
|
|
||||||
cm 1st-party * block
|
|
||||||
```
|
|
||||||
|
|
||||||
For ABP-compatible syntax (such as uBlock Origin, Adblock Plus), this would be:
|
|
||||||
|
|
||||||
```
|
|
||||||
||cm^
|
|
||||||
```
|
|
||||||
|
|
||||||
:small_orange_diamond: **Prevent Internet sites from requesting LAN resources** ( thanks @theWalkingDuck )
|
|
||||||
|
|
||||||
this is/was the only default ABE rule in Noscript:
|
|
||||||
```
|
|
||||||
# Noscript
|
|
||||||
# Prevent Internet sites from requesting LAN resources.
|
|
||||||
|
|
||||||
Site LOCAL
|
|
||||||
Accept from LOCAL
|
|
||||||
Deny
|
|
||||||
```
|
|
||||||
|
|
||||||
We can easily rewrite it in the uMatrix way `[source] [destination] [content] [action]`.
|
|
||||||
|
|
||||||
For example `* 127.0.0.1 * block` means `[any source] [trying to access 127.0.0.1] [for any content] [should be BLOCKED]`
|
|
||||||
|
|
||||||
NoScript's `Site LOCAL` `Deny` part in uMatrix:
|
|
||||||
```
|
|
||||||
# uMatrix
|
|
||||||
# Prevent Internet sites from requesting LAN resources.
|
|
||||||
|
|
||||||
* 127 * block ### block access to IPv4 localhost 127.x.x.x
|
|
||||||
* localhost * block
|
|
||||||
* [::1] * block ### block access to IPv6 localhost
|
|
||||||
* 192.168 * block ### block access to LAN 192.168.x.x
|
|
||||||
```
|
|
||||||
NOTE: 192.168.x.x is the most commonly used private network range. If you're using one of the [alternatives](https://en.wikipedia.org/wiki/Private_network), 10.0.0.0/8 or 172.16.0.0/12, adjust your rules accordingly. (see @crssi's [comment](https://github.com/arkenfox/user.js/issues/319#issuecomment-364119775) for details - thanks @crssi)
|
|
||||||
|
|
||||||
The best practice is to use a separate browser for accessing local resources or using a temporary allow if needed ... but for those who need it permanently:
|
|
||||||
```
|
|
||||||
# uMatrix
|
|
||||||
# Accept from LOCAL
|
|
||||||
|
|
||||||
127 127 * allow
|
|
||||||
localhost localhost * allow
|
|
||||||
[::1] [::1] * allow
|
|
||||||
192.168 192.168 * allow
|
|
||||||
```
|
|
||||||
btw, don't forget to remove the `matrix-off: localhost true` rule.
|
|
||||||
|
|
||||||
---
|
|
Loading…
Reference in New Issue
Block a user