Feature #2777

Proxy: block ports 80 (http) and 443 (https)

Added by Giacomo Sanchietti over 5 years ago. Updated over 5 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%

Category: nethserver-squid
Target version: v6.5
Resolution:
NEEDINFO: No

Description

When the web proxy (Squid) is configured in transparent mode, the GUI should display an option to block the http and https ports.

Add a new PortBlock property to the squid key.
When PortBlock is enabled, apply the following rule:

REJECT loc net tcp 80,443

The rule should also be valid for the orange, blue and vpn zones.

Associated revisions

Revision 182ad1a0
Added by Giacomo Sanchietti over 5 years ago

DB, templates, Web UI: add PortBlock option. Refs #2777

History

#1 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.5
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti over 5 years ago

  • Description updated (diff)

#4 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70

Package in nethserver-testing:
  • nethserver-squid-1.1.1-4.0git182ad1a0.ns6.noarch.rpm

Test case:
  • Configure the proxy in manual mode
  • Enable the port block
  • Check the client can't open web pages without proxy
  • Check the client can open web pages when the proxy is configured inside the browser

#6 Updated by Filippo Carletti over 5 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

Enabling port block on server-manager adds a reject rule in the loc2net chain:
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443

When trying to browse the web, the connection is closed immediately.
Configuring the proxy in the browser enables navigation.
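
The verification in comment #6, as an added example that is not part of this tracker or of the nethserver-squid code: it reads `iptables -nvL loc2net` output and confirms that new connections to ports 80 and 443 reach the reject rule before any blanket ACCEPT. The listings are constructed (only the reject line follows the one quoted above), the function names are hypothetical, and treating the lowercase `reject` target as terminal is an assumption.

```python
import re

REQUIRED_PORTS = (80, 443)
ANY = "0.0.0.0/0"
TERMINAL = {"ACCEPT", "DROP", "REJECT", "reject"}  # "reject" as listed in comment #6
PORT_RE = r"(?:tcp\s+|multiport\s+)?(?:dports\s+|dpts?:)([\d,:]+)"

def _ports(extra):
    """Destination ports named in a rule's match text, or None if it matches all ports."""
    m = re.search(PORT_RE, extra)
    if not m:
        return None
    ports = set()
    for item in m.group(1).split(","):
        lo, _, hi = item.partition(":")          # "8000:8080" is a port range
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def first_verdict(listing, port):
    """Target of the first rule deciding a new TCP connection from any host to `port`."""
    for line in listing.splitlines():
        f = line.split(None, 9)  # pkts bytes target prot opt in out source destination extra
        if len(f) < 9 or f[0] == "pkts" or f[2] not in TERMINAL:
            continue
        extra = f[9] if len(f) > 9 else ""
        if f[3] not in ("tcp", "all") or f[5:9] != ["*", "*", ANY, ANY]:
            continue
        # Skip rules with other conditions (e.g. ctstate): not a blanket decision.
        if re.sub(PORT_RE + r"|reject-with \S+", "", extra).strip():
            continue
        ports = _ports(extra)
        if ports is None or port in ports:
            return f[2]
    return None

def port_block_effective(listing):
    """True when both web ports hit a reject rule before any blanket ACCEPT."""
    return all(first_verdict(listing, p) in ("reject", "REJECT") for p in REQUIRED_PORTS)

# Constructed listings: the same rules in two different orders.
HEADER = "Chain loc2net (1 references)\n pkts bytes target prot opt in out source destination\n"
ESTAB = "  9 720 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED\n"
REJECT = "  0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443\n"
ACCEPT = "  0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0\n"
BLOCKED = HEADER + ESTAB + REJECT + ACCEPT    # reject comes first: block is effective
SHADOWED = HEADER + ESTAB + ACCEPT + REJECT   # blanket ACCEPT comes first: block never fires

if __name__ == "__main__":
    print(port_block_effective(BLOCKED), port_block_effective(SHADOWED))
```

Rules restricted to a source, interface or connection state are skipped, so a per-host ACCEPT placed above the reject rule still needs a manual look.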

#7 Updated by Giacomo Sanchietti over 5 years ago

Waiting for nethserver-firewall-base release.

#8 Updated by Davide Principi over 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-squid-1.2.0-1.ns6.noarch.rpm
