search

RequestPolicy / requestpolicy

RequestPolicy is a Firefox extension that gives you control over cross-site requests. --- Be sure to look at the dev-1.0 branch as that's where all of the interesting work is happening. See also: https://www.requestpolicy.com/1.0.html
https://www.requestpolicy.com/
107 stars 17 forks source link

Site Still Requesting embedded YouTube with Flash Off, JavaScript DISabled, RP running #450

Open electroweak opened 9 years ago

electroweak commented 9 years ago

Hi, I have found RP(v0.5.28) to be an excellent product...but I have found one particular site which is setting off my TCPBlock-er for outbound requests to Youtube/Google. The site is a chat-forum, and users often include embedded YouTube videos. I have Flash switched off, and I block all scripts on the site with NoScript. I run RequestPolicy and I do not allow requests to YouTube (i.e. the default behaviour). I have nothing whitelisted.

I run TCPBLock and when I visit a page with embedded video, it lights up like a Christmas Tree, with FireFox (31.0) immediately trying to reach YouTube on anything up to 50 IP addresses (on the standard http port 80).

Again, I have only found one site where this behavior occurs, and I think it might be a case of them somehow circumventing the user preference, perhaps for revenue purposes.

One example of a page at the forum is: "http://www.godlikeproductions.com/forum1/message2710089/pg1" -I'd be most grateful if someone else can verify this behavior. I even tried opening up TCPBlock, and using my router to filter the requests to 74.125.X.X / 216.X.X.X (google/Youtube)... the requests to Google/Youtube made it through RequestPolicy to my router, where I binned them.

myrdd commented 9 years ago

@electroweak you mean that RP allows requests that it should block? Did you check RP's request log?

Btw work on RP 1.0 is in progress in a fork: https://github.com/RequestPolicyContinued/requestpolicy

electroweak commented 9 years ago

@myrdd -- Thanks for the reply. Looking at the log, RP says the request to YT is blocked (with a little dot in the column), but the site is still trying to get it! - as evidenced by my TCPBlock and firewall.

One clue; the RP log only states that the connection to YT was blocked once, e.g. at a specific time hh:mm:ss,, but the connections go on for many seconds (~20s?), repeatedly cycling through many YT IP's, so yes it seems to me that RP is not catching their ongoing requests?

Again, sorry for being a noob, perhaps I am not describing this very well, but I have had this working perfectly on many, sites and this one seems different. Do you suggest I get 1.0 as a beta, and try it?

myrdd commented 9 years ago

Hey @electroweak, I understand what you're writing but I have to test this by myself.

Do you suggest I get 1.0 as a beta, and try it?

It would be nice if you could test 1.0 (https://github.com/RequestPolicyContinued/requestpolicy/releases). Note that there are still some compatibility problems, see here – especially importing rules from 0.5 has a bug. However, if you do have the same problem with 1.0, please report this bug also in the other repo as I don't support 0.5 anymore.