Browser Settings
See also: Secure Browsing,Web Use and Development, Web Authoring, Proxy Servers, Where's My Web Stuff?, NRAO Computer Security Policy, Appx. A
There are two good reasons why you may want to alter the default settings of your web browser, whether it be Firefox, Mozilla, Seamonkey, IE, Safari, Opera, or some other one. These are:
- SECURITY: The web is not always a safe place; protect yourself from malicious (and/or annoying) scripts, popups, cookie theft, and other badness such as "cross site scripting" (XSS); and
- FUNCTIONALITY: There are valid reasons to allow scripts, cookies, etc. from "trusted" sites, but not from others.
Fortunately, most browsers permit you to address both of these issues at the same time. What follows is a short tutorial on how to set your browser to accomodate them, and keep yourself safe. If you want a more official, longer, and detailed account, please read the Securing Your Browser article from US-CERT.
What Sites Should I Trust?
Good question! To first order, they are:
-
*.nrao.edu
-
*.nrao.cl
-
*.aui.edu
While you can of course add specific sites each time you encounter one that, say, wants to set a cookie or throw up a popup, using wildcards as above (the "*
" character above) is a lot easier.
Configuring Your Browser
Firefox
- Allow Cookies
Begin by finding the Preferences dialog for your operating system:
- Windows: Select the "Options..." from the "Tools" menu found at the top of the window.
- Linux: Select "Preferences" from the "Edit" menu at the top of the Firefox window.
- Mac OSX: Select "Preferences..." from the "Firefox" menu on the OSX menu bar.
From the Preferences dialog, select the "Privacy" menu from the left-hand pane. Click the plus sign next to "Cookies" in the main pane. Check the boxes next to "Allow sites to set cookies." You can also select the lifetime of the the cookie to be either the cookie's built-in expiration date (set by the web sites you visit) or you can tell Firefox to remove the cookies each time you close the browser. (NOTE: this will prevent sites like GMail and others from storing login cookies, etc.)
If you do not wish to enable cookies for all sites, you can enable them only for particular sites by clicking on the "Exceptions" button. Under "Address of web site:", enter a site from which you wish to allow cookies and click the "Allow" button to add that site to the list. To add an entire domain to the list, simply type the name of the domain (i.e., nrao.edu
); do not put any wildcards in front of the name.
Managing the Firefox Popup Blocker
To allow a site to bypass Firefox's popup-blocker, select "Web Features" from the Preferences dialog. Next to the item "Block Popup Windows", click the "Allowed Sites" button.
Under "Address of web site:", enter a site from which you wish to allow unrequested popup windows and click the "Allow" button to add that site to the list. To add an entire domain to the list, simply type the name of the domain (i.e., nrao.edu
); do not put any wildcards in front of the name.
Internet Explorer
Blocking Popups
To enable popup blocking in Internet Explorer, open the "Internet Options" dialog and choose the "Privacy" tab. At the bottom of the dialog box, click the box labeled "Block pop-ups."
To allow a specific site to open unrequested popup windows, click the button labeled "Settings".... Enter a site from which you wish to permit popup windows and click the "Add" button to add that site to the list.
Enabling Display of Mixed Content
Mixed content is when a page viewed over SSL (https://
) also includes non-SSL images, banners, etc. To permit the viewing of Mixed Content on Trusted Sites in Internet Explorer, open the "Internet Options" dialog and click the "Security" tab. Select the "Trusted Sites" icon and click the "Custom Level..." button.
Scroll down the list of options until you see the item "Display mixed content" (about half way down the list). Select "Enable" and click the "OK" button. Click "OK" again to close the Internet Options dialog.
Safari
From the "Safari" menu on the OSX menu bar, select "Preferences..." and choose the "Security" tab from the top of the dialog box. Next to "Accept Cookies", choose "Only from sites you navigate to."
Blocking Popups
From the "Safari" menu on the OSX menu bar, select "Preferences..." and choose the "Security" tab from the top of the dialog box. Check the box labeled "Block pop-up windows."
Browser Addons and Extensions
There are many "extras" one can choose to add in to your browser that will extend its functionality. Examples of such extras include:
- Thousands of Firefox Extensions, many of which enhance security and provide additional blocking support against popups and scripts (see also Secure Browsing);
- The Google Toolbar.
As none of these are formally supported by the NRAO Computing Divisions, it is your responsibility to check if these addons are interfering with your browser settings, specifically cookie acceptance, popup blocking, etc. That said, it is known that by default the Google toolbar will block the popups normally used by some components of WBS. For Firefox users, the Yes Popups extension provides a way to temporarily disable popup blocking and thus may prove useful to some users.