Feature #2777
Proxy: block ports 80 (http) and 443 (https)
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-squid | |||
Target version: | v6.5 | |||
Resolution: | NEEDINFO: | No |
Description
When web proxy (Squid) is configured in transparent mode, the GUI should display an option to block http and https port.
Add a new PortBlock
property to squid
key.
When PortBlock
is enabled
, apply following rule:
REJECT loc net tcp 80,443
The rule should be valid also for orange, blue and vpn zones.
Associated revisions
DB, templates, Web UI: add PortBlock option. Refs #2777
History
#1 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from NEW to TRIAGED
- Target version set to v6.5
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#3 Updated by Giacomo Sanchietti about 7 years ago
- Description updated (diff)
#4 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
- nethserver-squid-1.1.1-4.0git182ad1a0.ns6.noarch.rpm
- Configure the proxy in manual mode
- Enable the port block
- Check the client can't open web pages without proxy
- Check the client can open web pages when the proxy is configured inside the browser
#6 Updated by Filippo Carletti about 7 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Enabling port block on server-manager adds a reject rule in the loc2net chain:
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
Trying to browse the web the connection is closed immediately.
Configuring the proxy in the browser enables navigation.
#7 Updated by Giacomo Sanchietti about 7 years ago
Waiting for nethserver-firewall-base release.
#8 Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-squid-1.2.0-1.ns6.noarch.rpm