
I can see your local web servers

(http.jameshfisher.com)
652 points jamesfisher | 2 comments
gnomewascool No.20028516
If you use uMatrix, you can easily block the localhost and local network "sniffing" with the following rule[0]:

  * 127       * block    ### block access to IPv4 localhost 127.x.x.x
  * localhost * block
  * [::1]     * block    ### block access to IPv6 localhost
  * 192.168   * block    ### block access to LAN 192.168.x.x

In principle, you can use this without any other blocking, i.e. with the rule:

  * * * allow

and hence without disabling javascript on any sites.

[0] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.3-uM...

Edit: as pointed out by DarkWiiPlayer below, if you want to be able to access the localhost websites from the same browser, you need:

  localhost localhost * allow

and similarly for the LAN. In full:

  127       127       * allow
  localhost localhost * allow
  [::1]     [::1]     * allow
  192.168   192.168   * allow

1. dredmorbius No.20034486
Add all the RFC1918 unroutable private networks.

https://en.wikipedia.org/wiki/Private_network

    10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
    172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
    192.168.0.0 - 192.168.255.255 (192.168.0.0/16)
    127.0.0.0 - 127.255.255.255 (127.0.0.0/8)

https://tools.ietf.org/html/rfc1918

Possibly also 100.64.0.0/10 for carriers.

https://tools.ietf.org/html/rfc6598#page-8

2. johnp_ No.20046832
Possibly also the IPv6 ULAs:

https://en.wikipedia.org/wiki/Unique_local_address

Not sure if those can be expressed in uMatrix as a prefix rule.
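
An added example, not part of any comment in the thread: a Python sketch that expands the IPv4 ranges listed above into `* <prefix> * block` lines. It assumes a destination such as `192.168` covers every address that begins with those octets, so ranges that do not end on an octet boundary (172.16.0.0/12, 100.64.0.0/10) need one line per covered second octet. The function names are illustrative, and IPv6 is left out.

```python
import ipaddress

# Ranges named in the thread: loopback, RFC 1918, RFC 6598 shared space.
THREAD_RANGES = ["127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
                 "192.168.0.0/16", "100.64.0.0/10"]

def octet_prefixes(cidr):
    """Return the dotted-octet prefixes that together cover exactly `cidr`.

    Assumption: a rule destination like "192.168" matches every address whose
    leading octets equal it, so only /8, /16, /24 and /32 boundaries can be
    written directly; other prefix lengths are split at the next boundary.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 dotted prefixes are handled here")
    if net.prefixlen == 0:
        raise ValueError("0.0.0.0/0 has no dotted prefix")
    aligned = -(-net.prefixlen // 8) * 8      # round up to 8, 16, 24 or 32
    octets = aligned // 8
    return [".".join(str(sub.network_address).split(".")[:octets])
            for sub in net.subnets(new_prefix=aligned)]

def block_rules(cidrs):
    """Build '* <prefix> * block' lines, the rule shape used in the thread."""
    return [f"* {prefix} * block"
            for cidr in cidrs
            for prefix in octet_prefixes(cidr)]

def covered(address, rules):
    """Check an address against the rules under the same prefix assumption."""
    addr = str(ipaddress.ip_address(address))
    prefixes = [rule.split()[1] for rule in rules]
    return any(addr == p or addr.startswith(p + ".") for p in prefixes)

if __name__ == "__main__":
    print("\n".join(block_rules(THREAD_RANGES)))
```

Under that assumption the five ranges come to 83 lines, 16 of them for 172.16.0.0/12 and 64 for 100.64.0.0/10.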