Add a request blacklist with priority over the whitelist

[jsamuel]

imported trac ticket
created: 2009-06-21 16:51:42
reporter: justin

Add a blacklist of request destinations that aren't allowed even if the whitelist policy says they should be. This would apply even when "temporarily allow all requests" is enabled (maybe that would be the default behavior but it could be changed through a config option to not apply in that case).

The blacklist would be able to include IP address ranges and requests to those IP addresses would be blocked even if the host in the requested URI was a domain name rather than an IP address.

The blacklist would definitely be for blacklisting destinations, possibly also for blacklisting origins-to-destinations (though one might argue that if users need to allow destinations from only some origins, they shouldn't whitelist the destination but instead only those origins-to-destinations they intended to allow). What about origins? I seem to really need to stretch to come up with a situation where that would be useful.

The blacklist would probably be accessible by default only from the preferences window but later on there could be an option to add "blacklist this [whatever]" items in the menu.

(Thanks to RSnake for the suggestion of a blacklist.)

[jsamuel]

imported trac comment
created: 2009-10-05 09:32:47
author: justin

From navjotjsingh (http://forums.mozillazine.org/viewtopic.php?p=7662825#p7662825):

Say I have a site mysite.com and I have installed Google Analytics on it. Now I want to allow all requests to Google Analytics except from !MySite.com since I would like to exclude my own visits.

So, there is clearly a use case for origin-to-destination blacklists.

[jsamuel]

imported trac comment
created: 2010-05-11 00:18:57
author: eibwen

With considerations of policy types and site specificity, the implementation will have to consider priority at each level. For example:

1. Full Domain, Protocol & Port BLACKLIST match = DENY
2. Full Domain, Protocol & Port WHITELIST match = ALLOW
3. Full Domain BLACKLIST match = DENY
4. Full Domain WHITELIST match = ALLOW
5. 2nd level Domain BLACKLIST match = DENY
6. 2nd level Domain WHITELIST match = ALLOW
7. "Temporary" WHITELIST Policies = ALLOW
8. DENY ALL

This will permit exclusive explicit exceptions from the blacklist, if the whitelist policy is more specific. For example:

DENY example.com EXCEPT ALLOW !http://important.example.com

It will also preclude "Temporary" (non-explicit) policies from overriding explicit policies, regardless of specificity.

One question yet to be addressed is origin-to-destination policies of different strictness settings on the whitelist versus the blacklist. Perhaps:

1. BLACKLIST origin & destination are full domain, protocol & port
2. WHITELIST origin & destination are full domain, protocol & port
3. BLACKLIST 1 full domain, protocol & port; 1 full domain
4. WHITELIST 1 full domain, protocol & port; 1 full domain
5. BLACKLIST 1 full domain, protocol & port; 1 2nd level domain
6. WHITELIST 1 full domain, protocol & port; 1 2nd level domain
7. BLACKLIST origin & destination are 2nd level domain
8. WHITELIST origin & destination are 2nd level domain

Should 3 to 6 be refactored to prioritize higher specificity of the origin or destination?
Perhaps not as this is likely a per combination preference...

[jsamuel]

imported trac comment
created: 2011-01-27 11:02:44
author: justin

There's clearly a use case where people want !RequestPolicy's UI but want the extension primarily as a cross-site request blacklist rather than a whitelist (default allow rather than default deny). Rather than just having the solution be that they should "temporarily allow all requests" and rely on the blacklist still being enforced, it should possibly be a mode the user chooses to use !RequestPolicy in. I'm not sure how this should be represented in the UI if the user is in such a mode.

[jsamuel]

imported trac comment
created: 2011-02-05 12:37:20
author: eibwen

To further complicate the issue, users may want to specify default policy as well as identify sites to feature the opposite policy:

ALLOW, DENY default, but
DENY, ALLOW from siteA, siteB, siteC, ...

or

DENY, ALLOW default, but
ALLOW, DENY from siteA, siteB, siteC, ...

#174 seems a decent short-term compromise for simply implementing a blacklist, but still hoping for a iptables-esque rule based policy...