←back to thread

I can see your local web servers

(http.jameshfisher.com)
652 points jamesfisher | 1 comments | 28 May 19 07:57 UTC | HN request time: 0.223s | source
Show context
gnomewascool ◴[28 May 19 09:32 UTC] No.20028516[source]
If you use uMatrix, you can easily block the localhost and local network "sniffing" with the following rule[0]:

  * 127       * block    ### block access to IPv4 localhost 127.x.x.x
  * localhost * block
  * [::1]     * block    ### block access to IPv6 localhost
  * 192.168   * block    ### block access to LAN 192.168.x.x
In principle, you can use this without any other blocking, i.e. with the rule:

  * * * allow
and hence without disabling javascript on any sites.

[0] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.3-uM...

Edit: as pointed out by DarkWiiPlayer below, if you want to be able to access the localhost websites from the same browser, you need:

  localhost localhost * allow
and similarly for the LAN. In full:

  127       127       * allow
  localhost localhost * allow
  [::1]     [::1]     * allow
  192.168   192.168   * allow
replies(7): >>20028541 #>>20028585 #>>20028627 #>>20028634 #>>20028673 #>>20030102 #>>20034486 #
1. black_puppydog ◴[28 May 19 09:38 UTC] No.20028541[source]
that's awesome, using it!

but to be fair, the point seemed to be more that if you run something that's "only" exposed locally... don't. securing each and every machine with uMatrix doesn't seem the answer to this.