EFW Support

Support => General Support => Topic started by: palash on Tuesday 21 February 2012, 11:26:28 pm



Title: Bug or Misconfiguration of Firewall
Post by: palash on Tuesday 21 February 2012, 11:26:28 pm

Hello

For a long time I've been facing a bug or misconfiguration, I don't know which. I kept port 443 open for all users.

I blocked social sites for all users, but they can still access the sites...

When a user inputs a normal address (i.e. example.com) he can't open the site... But when he appends "https" to example.com he can access the site.

Have you guys any idea related to my problem?

It's snatching my hair now...

Please help me...


Title: Re: Bug or Misconfiguration of Firewall
Post by: mrkroket on Friday 24 February 2012, 03:17:47 am
Snatch, snatch.

By design, a transparent HTTP proxy can't filter HTTPS. Otherwise it would be considered a man-in-the-middle attack.
With a transparent proxy, HTTPS is handled by firewall rules, not by proxy rules.

So you need to either block example.com by DNS, or block example.com's IPs.
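
Added example (not part of the original thread, and not Endian Firewall code): a Python model of the two enforcement points described in the reply above, showing why a domain blocklist on the transparent HTTP proxy catches the port 80 request but sees nothing usable on port 443, where only an address-based firewall rule can act. The function names, the policy values and the sample bytes are constructed assumptions.

```python
import ipaddress

# Constructed policy. 203.0.113.0/24 is a documentation range standing in for
# the blocked site's addresses.
BLOCKED_DOMAINS = {"example.com"}
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed first bytes of two client connections.
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: WWW.Example.com:80\r\n\r\n"
TLS_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # truncated ClientHello record


def host_from_http(data):
    """Lowercased Host header of a cleartext HTTP request, or None."""
    lines = data.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    if not lines[0].endswith((b" HTTP/1.0", b" HTTP/1.1")):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            # Drop an optional :port (IPv6 literals are not handled here).
            return value.strip().decode("ascii", "replace").lower().split(":")[0]
    return None


def proxy_verdict(data):
    """What the transparent HTTP proxy can decide from the payload."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "opaque"  # TLS handshake record: no readable Host header or URL
    host = host_from_http(data)
    if host and any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
        return "block"
    return "allow"


def firewall_verdict(dst_ip, dst_port, ip_rule_enabled):
    """Packet-level decision: only address and port are visible."""
    addr = ipaddress.ip_address(dst_ip)
    if ip_rule_enabled and dst_port == 443 and any(addr in n for n in BLOCKED_NETS):
        return "block"
    return "allow"


def decide(dst_ip, dst_port, data, ip_rule_enabled=False):
    """Port 80 is redirected to the proxy; everything else hits firewall rules."""
    if dst_port == 80:
        return proxy_verdict(data)
    return firewall_verdict(dst_ip, dst_port, ip_rule_enabled)
```

With `ip_rule_enabled=False` the port 443 connection is allowed, which matches the behaviour reported in the first post when 443 is left open for all users.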


Title: Re: Bug or Misconfiguration of Firewall
Post by: palash on Friday 24 February 2012, 04:30:04 pm
Actually, the firewall is filtering the domains (facebook.com, linkedin.com) which are blocked, and users can't access them.

But the problem is that when a user appends "https" to facebook.com or linkedin.com he can access it.

That must not happen.

Do you have any idea?


Title: Re: Bug or Misconfiguration of Firewall
Post by: mrkroket on Saturday 25 February 2012, 02:21:26 am
That must happen.
HTTP is filtered by the transparent proxy, HTTPS is not. Period. If you want to filter out HTTPS you must use a non-transparent proxy or do some nasty tweaks on the transparent one.

http://serverfault.com/questions/211552/filter-ssl-connections-with-squid-proxy