TechnikEmpire
commented
6 years ago This is really a bug in https://github.com/TechnikEmpire/DistillNET
Closed montesound closed 6 years ago
TechnikEmpire
commented
6 years ago This is really a bug in https://github.com/TechnikEmpire/DistillNET
montesound
commented
6 years ago When using the rule somerule$referer=somewhere.com it completely allows the refered domain even if the domain is blacklisted.
TechnikEmpire
commented
6 years ago TechnikEmpire
commented
6 years ago This is actually solved, just a matter of crafting rules properly.
This url has a Vimeo Video. https://www.petzl.com/US/en/Professional/Compact-rugged-headlamps/PIXA-3R-(ATEX) It's whitelisted with the following rules in the default test group. petzl.com www.petzl.com $referer=petzl.com $referer=www.petzl.com
[11:52] This is the url that is blocked. 2017-09-12 11:51:07.2164 INFO Request http://vimeo.com/api/oembed.json?url=https:%2F%2Fvimeo.com%2F16203283&callback=oEmbedCallback&width=940 blocked by rule ||vimeo.com in category /default/entertainment_streaming_downloadable_video/rules.
[12:02 PM] Ah interesting
[12:03] The referer for that particular URL comes up with a full URL for it.
[12:03] so the referer is like
https://petzl.com/.....[12:04] I can make a library modification to fix that. Just make it parse the referer field as a URI and then compare against the
hostproperty which will always be just the domain name.