Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 06 December 2024, 07:41:37 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  HTTP proxy: Access Policy authorise domains doesn't work
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: HTTP proxy: Access Policy authorise domains doesn't work  (Read 12520 times)
obig
Jr. Member
*
Offline Offline

Posts: 2


« on: Friday 06 April 2012, 04:28:03 pm »

Hi all,

In EF2.5.1 and I also have it in the 2.4; when we add a policy to authorise traffic for a certain domain (eg test.com) without authentication it doesn't work. Still TCP_DENIED errors in the logs.
When you put in the complete host (eg www .test.com or web1 .test.com) it works, actually it seems that it  just translates the DNS name into an IP .... so it's doing IP based policy instead of domain based policy.

Anyone had this yet? This is very annoying since sometimes we have an application that uses about 20 different hosts on an internet domain and I had to add them all manually per host (in a domain policy). The only solution I had which is not very professional is putting the entire segment of the domain in question into an allow policy. That is not an option off course for security reasons.

If someone would know what causes this that would make me very happy  Grin

Thx
Logged
davvidde
Full Member
***
Offline Offline

Gender: Male
Posts: 68


« Reply #1 on: Saturday 07 April 2012, 07:08:50 am »

you need to create an access policy with destination domain like:
.libero.it
.microsoft.com
.wikipedia.com
Note the leading dot before DNS domain.
I attached an example screeenshot.

Davide.
Logged
obig
Jr. Member
*
Offline Offline

Posts: 2


« Reply #2 on: Sunday 08 April 2012, 07:48:46 pm »

Hi Davvidde

thanks for your reply.
I thought of that too but when I've tried to put a dot before the domain it gave an error saying it was'nt a valid domain.
That's why I'm surprised to see your screenshot where it does work.
I'll have a look why it doesn't take the dot and post the reason afterwards.

Thx
Logged
kashifmax
Sr. Member
****
Offline Offline

Gender: Female
Posts: 108


« Reply #3 on: Tuesday 01 May 2012, 11:56:34 pm »

There are two ways. 1st as davvidde said. 2nd ^http://www.microsoft.com. Remember that it has a different working mechanism...
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com