A Pluckeye Forum

A place for Pluckeye users to chew the cud.

You are not logged in.

Announcement

This is the old forum. The new forum is at https://discourse.pluckeye.net/ .

#1 2021-07-04 17:28:24

stephane
Member
Registered: 2021-07-04
Posts: 2

allow image/svg+xml rule ignored

1. System: Windows
2. Pluckeye version: 1.0.57
3. Browsers: Chrome

I have a very simple config. I use a dns based filter to block porn, and use a few rules in pluckeye to complement the filter and schedule access to social media.

I use the following 3 rules to block images and videos on twitter while allowing svg images

C:\Users\Stephane>pluck export
allow twitter.com image/svg+xml
block twitter.com image/
block twitter.com video/

C:\Users\Stephane>pluck eval twitter.com image/svg+xml
allow because of rule 1: allow twitter.com image/svg+xml

when checking stminfo on twitter, svgs appear as broken images in browser, and checking verdicts confirms this.

https://abs-0.twimg.com/emoji/v2/svg/1f7e2.svg
image/svg+xml
block twitter.com image/

I found a similar issue in the forum. But it seems not fixed

https://forum.pluckeye.net/viewtopic.php?id=18

any ideas?

Last edited by stephane (2021-07-04 17:31:45)


lumber

Offline

#2 2021-07-05 12:40:31

sonicsid
Member
Registered: 2021-05-11
Posts: 43

Re: allow image/svg+xml rule ignored

As the verdicts state, the block image/ rule is overriding the allow image/svg+xml rule.

Try:

allow twitter.com image/svg+xml
block twitter.com image/jpeg
block twitter.com image/png
block twitter.com image/gif 

I've found pluck eval to be inaccurate on multiple occasions. Instead, if something doesn't work quite as expected, just check the verdicts.
"eval" is theoretical, "verdicts" is actuality.

Offline

#3 2021-07-06 15:47:35

stephane
Member
Registered: 2021-07-04
Posts: 2

Re: allow image/svg+xml rule ignored

Thanks, works like a charm, I only need those 3 rules.

block twitter.com image/jpeg
block twitter.com image/png
block twitter.com image/gif

Allowing SVGs is not required since everything is allowed  by default in my config.

But I think blocking image/ while allowing image/svg+xml should have worked. That is how they are doing it in the default config

allow image/svg+xml
block image/

I don't know why it would not work for an individual website. Also the fact that eval and verdict report conflicting information is confusing. I would like the rules algorithm to be documented. Relying on eval/verdict is trial/error.

But anyway I now have a config that fits my needs. And I think this delay idea could be a game changer for me. It is a brilliant idea. Really hope it works.


lumber

Offline

#4 2021-07-07 07:30:38

sonicsid
Member
Registered: 2021-05-11
Posts: 43

Re: allow image/svg+xml rule ignored

stephane wrote:

But I think blocking image/ while allowing image/svg+xml should have worked.

"block image/" implies "block image/<insert every image media type here>" , which includes "block image/svg+xml" as well.
And whenever there are block and allow rules for the same thing, the block rule takes precedence. That would explain your "allow image/svg+xml" having no effect.

So in a similar situation, what you want to do is to allow the superset (if it isn't already) and then block unwanted elements individually, like you just did.

stephane wrote:

That is how they are doing it in the default config

No idea how that works. Maybe because of the "allow otherwise" that it includes?

stephane wrote:

Also the fact that eval and verdict report conflicting information is confusing.

Like I said earlier, the verdicts are almost always accurate. Ignore what eval says, it doesn't seem to take into account that one rule may be being overridden by another.

stephane wrote:

And I think this delay idea ... is a brilliant idea.

100% agreed.

Offline

#5 2021-07-07 17:31:19

jon
Administrator
Registered: 2017-01-10
Posts: 525

Re: allow image/svg+xml rule ignored

Also the fact that eval and verdict report conflicting information is confusing. I would like the rules algorithm to be documented. Relying on eval/verdict is trial/error.

Totally true.

Get used to disappointment.

Offline

Board footer

Powered by FluxBB