必备的安全插件 Rated 5 out of 5 stars
RequestPolicy 默认禁止所有其他页面的调用请求，有点类似 NoScript，你可以根据需要自定义那些请求被允许。如果你有使用 NoScript 的经验，RequestPolicy 将会成为它的有力补充。但RequestPolicy对于初级用户可能会造成困扰。
Love it. Rated 5 out of 5 stars
This add-on blocks all third-party requests (html, scripts, images, etc.) by default until you manually allow them on per-server basis, either temporarily or permanently. If you're tech-savvy enough to understand what that last sentence means then you'll have no trouble understanding how to use this add-on after trying it out on a few sites. It's very similar to NoScript, but is not limited to scripts / plug-in content.This review is for a previous version of the add-on (0.5.25.1-signed.1-signed).
Rated 4 out of 5 stars
As with any whitelist, it took a while to set up RequestPolicy to my needs, but now my browsing is faster (no third-party ads, social plugins), more private (no social plugins again) and more secure (prevents potential XSS and CSRF attacks).
In future versions, I'd like to see improved handling of redirects (when a redirect to a payment gateway is blocked and then I allow it using the button in the yellow bar, it says "invalid request") and an option to mix "base domain" and "full domain" matching (e.g. allow destination googleapis.net, allow destination maps.google.com, but not *.google.com).
needs a disable, don't bother me again option Rated 4 out of 5 stars
noscript style blocking and dont bother again needed
all sorts of third party sites (ads, facetard, etc) I don't want cluttering up the blocked list
needs wildcard whitelisting for yahoo mail farm fqdn
Well round who know how many times! Rated 3 out of 5 stars
I access numerous sites well in the hundreds on a daily basis and while this may be useful if you only access a limited number regularly it's definitely not for the masses. I am constantly finding my self allowing access to external sites to allow the site to display images, css scripts, etc. to allow the page to display correctly, etc.
This definitely could use fine tuning.
Now this would be beneficial
1. Allowing IP ranges with wildcards, like 94.100.111.* - 94.100.300.*"
2. Blacklist instead. I find my self wanting to black list sites far less than whitelisting. Here is a good example of sites that require to much to figure out what is what: http://www.answerbag.com/q_view/2450216 and which policy to set. It would be easier to "Allow from site.com" and then go back and select specific sites to blacklist instead or the option to continue to whitelist individual if one prefers.
Thanks for your feedback. I've recently released an alpha version of RequestPolicy 1.0 which includes a blacklist mode. That is, it defaults to allowing requests and you can choose to "block requests from foo.com to bar.com". That's actually going to be the default mode in 1.0 and advanced users can switch to default-deny through the preferences. If you want to try it out, it's here: https://www.requestpolicy.com/1.0.html
Bypass Rated 5 out of 5 stars
RequestPolisy doesn't block third-party request inside NOSCRIPT tag.
In this site, addons.mozilla.org, RequestPolicy doesn't block request to webtrendslive.com
I think it's due to Firefox speculative parsing
Thanks for noticing this. This is probably due to addons.mozilla.org being treated differently by RequestPolicy to avoid breaking parts of Firefox. More info here: https://github.com/RequestPolicy/requestpolicy/issues/185
Rated 4 out of 5 stars
Very good, been using it for a long time, hardcore control but hard to use (not for the novice), but still fed up with it not being able to handle dark colour schemes well at all due to the red/green menu text meaning I have to manually edit chrome\requestpolicy.jar\skin\requestpolicy.css to change the colours every time I update it.
RequestPolicy version 1.0 (still in development) has a new menu with a white background regardless of your color scheme. If you're interested in being an alpha tester, you can find it here: https://www.requestpolicy.com/1.0.html
DrWeb conflict is not fixed Rated 5 out of 5 stars
It's a pity but version 0.5.25 didn't resolve the conflict with DrWeb link checker: https://github.com/RequestPolicy/requestpolicy/issues/287
I still have to "Temporally allow all redirections" if I want to check a link. For information, I have the latest stable Firefox and DrWeb Link Checker 2.5.8.
Must Have Essential Rated 5 out of 5 stars
Most webpages today make third-party requests. Many of these requests are not in the user's best interest. Curb them. Don't let third parties invite themselves into your interaction with a web page. RequestPolicy prevents such third-party calls unless you deem them to be beneficial to you. Together with NoScript, it makes your web experience safer, faster, and lighter.This review is for a previous version of the add-on (0.5.24.1-signed.1-signed).
Rated 5 out of 5 stars
Please, black list.This review is for a previous version of the add-on (0.5.24.1-signed.1-signed).
Rated 5 out of 5 stars
Would be better when it could handle and remember IP ranges with wildcards, like 94.100.111.* - 94.100.300.*
Great! Still, new features... Rated 4 out of 5 stars
... will make it even better. I'm anxiously waiting for the new version. While you're at it, here's another possible feature: allow to click on a "removed" image in order to display it (just like NoScript does for flash etc.).
I'm not sure if that would mean to allow the entire domain or just that one image. The latter might be tricky to implement, and probably the former is even more useful. Something like "This image comes from http://example.org/. Clicking ok will allow all requests to that domain. OK/Cancel" or something along these lines.
This would eliminate the guesswork which domain has to be allowed in order to see images. (Which can be pretty tricky on sites which include a lot of content from, like, 37 external sources)
RequestPolicy and Add-ons Manager Rated 5 out of 5 stars
RequestPolicy cause new window open when click the link form Add-ons Manager. Look at Bug 715865 (https://bugzilla.mozilla.org/show_bug.cgi?id=715865).This review is for a previous version of the add-on (0.5.24.1-signed.1-signed).
Good idea, needs a bit more fine tuning Rated 5 out of 5 stars
I've played around with addons like noscript and adblock plus.
I thought that I would give Request Policy a try.
It seems to be okay, would be better if:
1. Blacklist/whitelist (I see that this has already been mentioned in previous comments:))
2. More clarity and simplicity about "from" and "to" requests so that everyone (not just us geeks:)) will be able to use this addon.
Just my two cents:)... Keep up the good work. Continue to keep the addon light and avoid bloats. Cheers!
The need of a blacklist & multi-selection Rated 3 out of 5 stars
There are some sites (e.g forum), in which requests are made from the site to various image site, allowing them 1 by 1 is just a disturbance for normal browsing, and is already too much for normal user.
In that case, a better (although compromised somehow...) alternative would be allowing request from the site, but the rules specified in blacklist (either destination or origin-to-destination) would be followed. Only with that, the user experience can be enhanced.
Also, multi-selection of site request for permission is needed to avoid the repetitive work of clicking site 1 by 1 in menu.
Thanks for your feedback. Both of these features (ability to select multiple items before reload as well as a default-allow mode with blacklist support) are in development and are planned for launch in summer 2012.
Rated 5 out of 5 stars
For such a paranoid person as me, this is absolutely awesome addon.
It would be nice if a separate button to temporarily allow requests from current page was available (NoScript has this button available)
and if such an option that the context menu would open on hover over the RequestPolicy toolbar button (instead of after clicking the button) was available.
As of now, this is an irreplaceable addon—and well done one—so 5 stars are yours and thank you once again! (I even created the account here only to thank you).
Great add-on, but needs some improvements Rated 5 out of 5 stars
Great add-on, it provides exactly what I was missing from NoScript.
Needs a few improvements though:
- Allowing multiple sites should be easier, similar to NoScript: the menu should not close after clicking on a domain and the changes should be applied to the menu right away not after reload only. Reload after closing the menu.
- Option to blacklist domains, so I can click 'allow all' but still keep some known ad/stats/tracking sites blocked.
- Using/importing the list of blocked domains from NoScript would be even better so I only have to block them once
Thanks for the support and feedback! Regarding your suggestions, #1 (multiple whitelist changes before reload) and #2 (blacklist) are in progress and will launch by summer 2012. These features will probably be in a 1.0 alpha release in spring 2012 which will be available directly from the requestpolicy.com website.
For #3 (NoScript integration/coordination), after RP 1.0 is released I'll look into ways to enable these addons to work better together. It's going to be a long time before I get there given the number of outstanding feature requests and the time required for the major changes that are in progress now.
A True Firefox Essential! Rated 5 out of 5 stars
Instead of having to click on every single item individually, could we instead implement the checkbox method in which we check off the items we want to run followed by automatically reloading the page once the list becomes unfocused? It would be a huge timesaver. Disabling the auto-reload kinda helps but it's too buggy to ensure if the item is actually running or being blocked. Please make it easier to allow multiple items to be selected at one time! Keep up the great work!This review is for a previous version of the add-on (0.5.23.1-signed.1-signed).
Not a threat! Rated 4 out of 5 stars
Ran the tests and passed no problem for me. I think some optional AI could be included to automatically allow web page elements to make surfing a little less painfull. Otherwise this is a great addon, love it!This review is for a previous version of the add-on (0.5.22.1-signed.1-signed).
possible security threat! Rated 1 out of 5 stars
i recently posted a review stating that when you have request policy installed and enabled when you do a browser security test at browserscope.org "the sts test" http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security the test will not complete and does not work but when request policy is installed but disabled the test fails. when request policy is not installed the sts test passes. just stating the obvious that request policy could be a target for a man in the middle attack. on my last post this security flaw was acknowledged by request policy then my post mysteriously disappeared.This review is for a previous version of the add-on (0.5.22.1-signed.1-signed).
Hi. My previous reply did not acknowledge a security flaw (there is not one). RequestPolicy's blocking of requests can make some Browserscope tests fail but that doesn't mean there is a security flaw. Rather, some tests may not have been able to run. Please see this ticket for more information: https://github.com/RequestPolicy/requestpolicy/issues/251 --- Thanks!