Properly Configuring Internet Explorer Zones?

Discussion in 'other security issues & news' started by Fox Mulder, Nov 8, 2012.

Thread Status:
Not open for further replies.
  1. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    I don't like to let scripts run on my computer unless I trust the site, so I've been trying to configure IE10 to block scripts in the Internet Zone but allow them in the Trusted Zone.

    Every website I go to works with default settings, so I go to my zone configuration and disable scripting in the Internet Zone. I then open up gmail.com, which complains about not having javascript. I add it to the Trusted Zone and it works properly, javascript and all. Exactly the kind of functionality I want.

    However, I have noticed some problems with scripts on more complex sites. For example, I went to Netflix and despite adding netflix.com to my trusted sites, none of the scripts work. I've checked to make sure it's properly in the Trusted Zone. Re-enabling scripts in the Internet Zone makes netflix work again.

    Am I doing something wrong? I would really like this to work out.
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    If I recall correctly zones don't cover subdomains, so if you're browsing to a subdomain of Netflix you'll need to add it to the trusted zone also.

    Note: Remember to enable protected mode for the trusted zone!
     
  3. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    343
  4. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    Hmm, I added the subdomain (movies.netflix.com) and scripts still don't work. :(

    Question: I enabled EPM and now the regular Protected Mode boxes won't check, is that normal?
     
  5. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    I'm not sure, maybe you need to add the domain the scripts are originating from? Would be a bit rubbish if it was designed that way, but it's a possibility.

    I'm not using the release of Windows 8 so I wouldn't know. Are they greyed out?
     
  6. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
  7. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    I'm starting to think the first part is right, but I hope that's not the case. Otherwise this is really annoying.

    They're not greyed out, just unchecked. In the Advanced settings, EPM is checked but these other boxes won't retain the check.
     
  8. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,912
    Location:
    U.S.A.
    Fox Mulder, first, try this *.netflix.com. The asterisk acts as a wildcard for any sub-domains of Netflix. If that fails, see below.

    Using Firefox and NoScript, after I log in, I see this sub-domain: nflxext.com (which I have allowed in the past). If I forbid the domain, Netflix does not work as well. Add that site and see what happens; worth a try
     
  9. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    Hmm, that didn't seem to work.

    For kicks, I decided to set the Internet Zone to Prompt for scripts, instead of just disabling them. Visiting Netflix, I got no less than three prompts to allow scripts. After clicking OK to all of them, the site works fine.

    The only problem is... these pop-ups contain zero information about where the scripts are coming from or what domain they're hosted on. It's literally just "Scripts are usually safe. Do you want to allow scripts on this page?"

    It looks like Funky's theory was right: Netflix probably calls scripts from a variety of other domains. Unless you know the location of all scripts used on the page, it won't work properly.
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,851
    You can locate the domains by hitting F12, selecting the Network tab, click "Start capturing" and refresh the page.
     
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
Loading...
Thread Status:
Not open for further replies.