EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Wednesday 20 November 2024, 04:53:20 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
CLICK HERE
for the The official Endian Roadmap and Issue tracker
14258
Posts in
4377
Topics by
6515
Members
Latest Member:
hulteends
Search:
Advanced search
EFW Support
Support
General Support
Bug or Misconfiguration of Firewall
0 Members and 1 Guest are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: Bug or Misconfiguration of Firewall (Read 10067 times)
palash
Jr. Member
Offline
Posts: 4
Bug or Misconfiguration of Firewall
«
on:
Tuesday 21 February 2012, 11:26:28 pm »
Hello
Since many time I'm facing a bug or miconfiguration I dont know, I kept open the 443 port for all user.
I blocked social sites for all users, but even though they can access the site...
When user input normal address (ie. example, com) he cant open the site.... But when he append "https" example.com He can access the site.
Have you guys any idea related to my problem?
its snatching my hair now......
Please help me..........
Logged
mrkroket
Hero Member
Offline
Posts: 495
Re: Bug or Misconfiguration of Firewall
«
Reply #1 on:
Friday 24 February 2012, 03:17:47 am »
Snatch, snatch.
By design transparent HTTP proxy can't filter HTTPS. Otherwise it would be considered a man in the middle attack.
With transparent proxy, HTTPS is handled by firewall rules, not by proxy rules.
So you need to either block example.com by DNS, or block example.com IP's
Logged
palash
Jr. Member
Offline
Posts: 4
Re: Bug or Misconfiguration of Firewall
«
Reply #2 on:
Friday 24 February 2012, 04:30:04 pm »
Actually Firewall is filtering the domain(facebook.com, linkedin.com) which are blocked, and user cant access that.
But the problem is that when user append "https" in facebook.com or linkedin.com he can access.
That must not be happen.
do you have any idea?
Logged
mrkroket
Hero Member
Offline
Posts: 495
Re: Bug or Misconfiguration of Firewall
«
Reply #3 on:
Saturday 25 February 2012, 02:21:26 am »
That must happen.
Http is filtered byt transparent proxy, HTTPS is not. Period. If you want to filter out HTTPS you must use non-transparent proxy or do some nasty tweaks on transparent.
http://serverfault.com/questions/211552/filter-ssl-connections-with-squid-proxy
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com