Easier blacklisting/whitelisting

How can we make our software better?

Moderators: Tyler, Scott

Post Reply
AlanM
Observer
Observer
Posts: 6
Joined: Thu Jul 09, 2015 7:03 am

Easier blacklisting/whitelisting

Post by AlanM »

It would be wonderful if there was an easier way to specify permitted domains.

For example, let's say I wanted to allow any web access to arbitrary.com, including:
http://arbitrary.com
https://anything-here.arbitrary.com
http://1.2.3.arbitrary.com

Most of my whitelisted items are of this nature. Right now, as I understand it, I'd need to use convoluted regular expressions to add these, such as:

+^(https?)://[A-Za-z0-9\-\.]+\.arbitrary.com

And I'd need at least two entries, to account for the case that it's just a TLD. So how about a shortcut way to specify "any http or https access to a domain ending in this TLD?" Such as:

++arbitrary.com

Which would match the three examples above (but not "somewhatarbitrary.com"). It would sure be easier to edit, read, and maintain the URL file.

The second suggestion is to allow us to specify a way to silently blacklist something. Let's say there's a particular allowed web page that always embeds an element that is going to trigger a rejection. We don't want to whitelist that element, but we don't want the patron to have to endure the rejection pop-up that obscures the primary, permitted site. So there could be a special code that acts the same way as the '-', but which doesn't cause any pop-ups, such as:

=-facebook.com

Scott
Site Admin
Site Admin
Posts: 2527
Joined: Mon Dec 16, 2002 12:31 pm
Location: Rochester, MN
Contact:

Re: Easier blacklisting/whitelisting

Post by Scott »

The following regular expression will match the URL starting with either "http://" or "https://", with "www", "WWW" or "", followed by "arbitrary.com".

^http?.:\/\/[w,W,\.]*arbitrary\.com


For the second part, starting with PWB v3.04.1 CEF you can use the following setting to only filter the page main frame URL.

[Security]
CheckURLMainFrameOnly=True

Clicking on the a denied URL will trigger the denied message.

--Scott

AlanM
Observer
Observer
Posts: 6
Joined: Thu Jul 09, 2015 7:03 am

Re: Easier blacklisting/whitelisting

Post by AlanM »

The following regular expression will match the URL starting with either "http://" or "https://", with "www", "WWW" or "", followed by "arbitrary.com".

^http?.:\/\/[w,W,\.]*arbitrary\.com
Yes, but my point is that that is difficult for humans to parse and maintain. Plus it isn't actually sufficient, since the above also matches, for example:
httpz://warbitrary.com
and doesn't match:
http://test.arbitrary.com

Honestly, I don't even know what the proper regex is, and would love to see it.

So what I'm suggesting is that there should be an easier way to do this very, very common thing that doesn't involve a mass of strange characters as a prefix.
For the second part, starting with PWB v3.04.1 CEF you can use the following setting to only filter the page main frame URL.

[Security]
CheckURLMainFrameOnly=True
I was aware of that option, but I'm not sure it does what I need. First of all, I do want all URLs checked everywhere, all the time. It's just that there are a handful of select URLs that, if they are denied, I do not want them to produce a message that the patron sees. I simply want their content to not load.

Scott
Site Admin
Site Admin
Posts: 2527
Joined: Mon Dec 16, 2002 12:31 pm
Location: Rochester, MN
Contact:

Re: Easier blacklisting/whitelisting

Post by Scott »

This regular expression matches http, https, subdomains + dot, www + dot, or nothing specified before domain.

^https?:\/\/[A-Za-z0-9.-]+\.arbitrary\.com|^https?:\/\/arbitrary\.com


This satisfies the original example:

http://arbitrary.com
https://anything-here.arbitrary.com
http://1.2.3.arbitrary.com

--Scott

Scott
Site Admin
Site Admin
Posts: 2527
Joined: Mon Dec 16, 2002 12:31 pm
Location: Rochester, MN
Contact:

Re: Easier blacklisting/whitelisting

Post by Scott »

PWB 3.04.3 now available on the Beta Downloads page has the following addition.

Version 3.04.4 Basic 07-13-2015

Added:
[Files] FilterDLL=
Path to Filter DLL for URL filtering.
DLL needs to export "HRESULT PWBFilterFunction(LPCTSTR pszURL)" function.
Function return S_OK (0) if URL is allowed.
Function return S_FALSE (1) if URL is disallowed.
Function return PWB_CONTINUE (2) to continue to use PWB filter.

Please see the "PWBAddonExample" also available on the Beta Downloads page for an example of a PWB addon with the PWB Filter Function included.

This will allow anyone to extended the PWB filter functionality to meet their specific needs.

--Scott

AlanM
Observer
Observer
Posts: 6
Joined: Thu Jul 09, 2015 7:03 am

Re: Easier blacklisting/whitelisting

Post by AlanM »

Thank you, Scott!

-Alan

Scott
Site Admin
Site Admin
Posts: 2527
Joined: Mon Dec 16, 2002 12:31 pm
Location: Rochester, MN
Contact:

Re: Easier blacklisting/whitelisting

Post by Scott »

Please feel free to email me if you need any help.

You are going to share right? :D

--Scott

AlanM
Observer
Observer
Posts: 6
Joined: Thu Jul 09, 2015 7:03 am

Re: Easier blacklisting/whitelisting

Post by AlanM »

The syntax from that example above doesn't work (and gives an error in the URL Filter Check). I believe this almost does the trick, though:

^(https?://[A-Za-z0-9\.\-]+\.arbitrary\.com)|(https?://arbitrary\.com)

...however that will match http://arbitrary.comx

Post Reply