CodeMirror/uMatrix
1
0
Fork 0
mirror of https://github.com/gorhill/uMatrix.git synced 2024-05-07 05:43:37 +12:00
Code Issues Releases Wiki Activity
Page: How to work in hardcore "block almost everything" mode
Pages
About "the page is still broken after I created all necessary rules" Changes from HTTP Switchboard Contributing ruleset recipes Cookies Default ruleset at installation Examples of useful rulesets FAQ Home How to "allow all" in uMatrix How to access the popup panel when there is no toolbar How to block 1st party scripts everywhere by default How to create rules which apply everywhere, on all web sites How to get past "uMatrix has prevented the following page from loading" How to have root documents blocked by default everywhere How to work in hard 3rd party default deny by default How to work in hardcore "block almost everything" mode How to work only with global rules and all scripts blocked by default Lingering domain entries in the matrix Logger Per scope switches Permissions Preset whitelisted and blacklisted domains Privacy friendly Chromium settings Privacy policy Privileged Pages Raw settings Rules syntax Ruleset recipes Scope selector Setting Domain Specific & Global Rules The extension icon The popup panel Translation work contributors Very bare walkthrough for first time users
0 How to work in hardcore "block almost everything" mode
ಚಿರಾಗ್ ನಟರಾಜ್ edited this page 2018-06-05 23:39:39 +00:00
Table of Contents

Idea

Instead of starting with a permissive model, start with a very restrictive model and whitelist as necessary.

Default ruleset

Go to the uMatrix panel and select the global scope. Deselect everything except 1st-party CSS.

How to work with this

Open a new page. It might look horribly broken, but don't panic! Look at the uMatrix panel for third party CSS resources (anything with a number in it in the CSS column is probably useful). Select the CSS box for those (sub)domains. Reload. Hopefully, the site looks decent now!

The next step is images. Again, toggle specific (sub)domains until the site looks reasonable.

To save or not to save?

If this is a site you visit fairly often, you should probably save the rules so that you don't have to go through this too often. Otherwise, I wouldn't bother - the fewer the rules, the less the potential for unexpected things to happen.

Concrete example

Let's take facebook.com as an example. We'll walk through how to figure out what the site needs and how.

First, we visit Facebook. I will be using a vanilla Firefox profile with only uMatrix installed.

  1. Facebook is utterly broken. We click on the uMatrix panel and note that static.xx.fbcdn.net has a 7 in the CSS box. We toggle that and reload.

  2. It already looks a lot better! Now we fix the images. We see that the facebook.com, www.facebook.com, scontent-ort2-2.xx.fbcdn.net, and static.xx.fbcdn.net entries have multiple images, so we toggle the image box for facebook.com and the last two (www.facebook.com is automatically whitelisted as you can see in the screenshot). We reload.

  3. We now see that Facebook complains that Javascript is disabled in the browser, so we go ahead and toggle the script box for facebook.com and reload.

  4. We now try logging in. When we click "Login", we get an error that cookies are not enabled, so we go ahead and toggle the cookie box for facebook.com and try logging in again.

  5. This is enough to get us logged in! However, Facebook itself doesn't work! The screen is blank. The only resource that shows as blocked (currently) is the script box of static.xx.fbcdn.net, so let's toggle that and try again.

  6. That worked! We're able to see stuff in the Newsfeed now. However, clicking on Notifications doesn't seem to work. When we click on it, we see the XHR box in www.facebook.com tick up, so let's try toggling that.

  7. Cool! Now we can see notifications (and click on them). However, images aren't loading (the ones in the newsfeed will load, but try clicking on one of them). We see that the image box of scontent.xx.fbcdn.net is blocking something, so we'll try toggling that.

  8. This seems to just bring up a new domain (external-ort2-2.xx.fbcdn.net)! Let's toggle its image box as well.

  9. That worked! We can now view images both inline and in theatre mode. Now try scrolling down. Uh oh. Facebook refuses to load new things! If you look at the console, you'll see that it's trying to pull new content from 1-edge-chat.facebook.com. Anticipating what is going on, we can go ahead and whitelist XHR for 1st-party. Let's try reloading now.

  10. Huh, it still doesn't work. Perhaps whitelisting the frames in staticxx.facebook.com and www.facebook.com would help?

  11. Cool! It works! Now let's try to find an embedded video to see if it will play (Hint: it won't). We get a loading circle which almost immediately stops. We see a video-ort2-2.xx.fbcdn.com, so let's whitelist its XHR (it needs to fetch the video after all!).

  12. And it works! You can now view posts, images, and videos while only whitelisting the specific things Facebook needs for those purposes.

uMatrix: Point and click matrix to filter net requests according to source, destination and type.