futpib / policeman

Firefox extension for cross-site requests control (kind of RequestPolicy clone)
https://addons.mozilla.org/en-US/firefox/addon/policeman/

Not an issue, but a question regarding access to 127.0.0.1 #116

Closed ghost closed 9 years ago

ghost commented 9 years ago

Policeman 0.17.2 is running just fine. Great work, thanks.

I am puzzled with what is not a Policeman issue but a website's request to access 127.0.0.1 : what does this imply, should I refuse access to 127.0.0.1, should I refuse it globally? In the case of the website I am referring to I have allowed it to full access (because it calls videos widely) with nevertheless the global restrictions I have set. Should I include 127.0.0.1 as a global refusal?

Here's the screenshot: http://hpics.li/662e0cc

It shows that wat.tv wants to access http://127.0.0.1:9421/crossdomain.xml. As you can see, I've refused Anything/Any domain to 127.0.0.1 and the page runs fine. I remain puzzled.

Thanks for your advice

futpib commented 9 years ago

I dunno, more like a question for website owners.

futpib commented 9 years ago

Well, unless something is listening on your computer on that port, I can't imagine anything bad happening (or anything at all).

ghost commented 9 years ago

More a question for website owners, correct. I did hesitate to publish this here since it doesn't involve Policeman as such. I'll try to find out. Meanwhile I'm leaving this 127.0.0.1 access to denied. I was, remain puzzled, not more... perhaps 50/50, with suspicion :)

Thanks, futpib. Enjoying your add-on 16/7/365 (the time I'm running Firefox!) -- The BEST to ALL for 2015.

RandomAcronym commented 9 years ago

@Zylinder port 9421 is used by Moose File System, which would be run on the website's own server. It's possible that someone forgot to comment out some code meant for local use only.

ghost commented 9 years ago

@RandomAcronym Thanks a lot for this information. This could mean that the 127.0.0.1 would be that of the server but interpreted as that of the user's since 127.0.0.1 when read is always a "mirror" reading. I'm a newbie and moreover English is not my mother-tongue so pardon the approximations!

Anyway, main thing is security, but curiosity remains a valid quest, should it be nourished by a minimum of basic knowledge, knowledge here that I lack terribly. Too old to start now... I just wonder as I wander!

Thanks again.

RandomAcronym commented 9 years ago

Glad I could be of help. As far as I know, there is nothing at 127.0.0.1 external domains can use, as it is meant for internal use. You would need a program that's running at all times that could listen to requests at 127.0.0.1 and then respond to them for anything at all to happen.

ghost commented 9 years ago

But Policeman here did point out that wat.tv wanted to access http://127.0.0.1:9421/crossdomain.xml ; crossdomain.xml

The wat.tv page concerned handles videos, and there is an interesting Adobe Flash article concerning this crossdomain.xml : Setting a crossdomain.xml file for HTTP streaming. I wonder if there is a pertinence here.

kafene commented 9 years ago

More than likely some code is just left pointing at http://localhost/crossdomain.xml which was on one of the developers' computers, and forgot to change the URL before publishing. Especially considering that http://wat.tv/crossdomain.xml does exist. I would guess the unusual port number is just one he was using for local development.

Nevertheless, leave any request to your local computer as blocked unless you are the one making it.

ghost commented 9 years ago

@kafene I read you loud and clear. Including the suggestion to leave any request to your local computer as blocked unless you are the one making it. - Done! Thanks who? Thanks Policeman!
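
The rule suggested in this thread (block requests to the local machine unless the user or a local page makes them), sketched as an added example that is not part of the thread and not Policeman's own code. The function names, the `null` origin convention for user-typed addresses, and the `http://www.wat.tv/` page URL are assumptions made for illustration.

```javascript
// Added example. isLoopbackHost and shouldBlock are hypothetical names,
// not part of Policeman or any browser API.

// True when a URL hostname (as returned by URL.hostname) is the local machine.
function isLoopbackHost(hostname) {
  let h = hostname.toLowerCase().replace(/\.$/, ""); // drop trailing dot
  if (h.startsWith("[") && h.endsWith("]")) h = h.slice(1, -1); // IPv6 brackets
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  if (h === "::1") return true;
  // IPv4-mapped IPv6 loopback, e.g. ::ffff:7f00:1 (127.0.0.1)
  if (/^::ffff:7f[0-9a-f]{2}:[0-9a-f]{1,4}$/.test(h)) return true;
  // Any address in 127.0.0.0/8
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
  return m !== null && Number(m[1]) === 127;
}

// originUrl: page that triggered the request, or null when the user typed
// the address themselves. Returns true when the request should be blocked.
function shouldBlock(originUrl, destUrl) {
  const dest = new URL(destUrl); // URL parsing also normalizes forms like 127.1
  if (!isLoopbackHost(dest.hostname)) return false; // not a local destination
  if (originUrl === null) return false;             // user-initiated
  return !isLoopbackHost(new URL(originUrl).hostname);
}

// Constructed sample requests; the first destination is the one reported above,
// the page URL is an assumed stand-in for the wat.tv page.
const samples = [
  ["http://www.wat.tv/", "http://127.0.0.1:9421/crossdomain.xml"],
  ["http://www.wat.tv/", "http://wat.tv/crossdomain.xml"],
  ["http://www.wat.tv/", "http://[::1]:9421/crossdomain.xml"],
  [null, "http://127.0.0.1:9421/"],
  ["http://localhost:8080/", "http://127.0.0.1:9421/"],
];
for (const [origin, dest] of samples) {
  console.log(shouldBlock(origin, dest) ? "BLOCK" : "allow", origin, "->", dest);
}
```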