Bug #3050

HTTP and HTTPS port blocked even if proxy is disabled

Added by Giacomo Sanchietti over 6 years ago. Updated over 6 years ago.

Status: CLOSED
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 100%
Category: nethserver-squid
Target version: v6.6
Security class:
Resolution:
Affected version: v6.5
NEEDINFO: No

Description

If web proxy is disabled but the "Block HTTP and HTTPS ports" option is enabled, users can't surf the web.

Steps to reproduce
  • Enable the web proxy in manual mode
  • Check "Block HTTP and HTTPS ports" option
  • Save and check the user can access web pages using the proxy
  • Disable the web proxy
  • The user can't access web pages with or without a configured proxy

Expected behavior
If the proxy is disabled, HTTP and HTTPS must be open and the user should be able to surf the web.


Related issues

Duplicated by NethServer 6 - Bug #3085: If ports block is enabled in proxy configuration, when pr... CLOSED

Associated revisions

Revision 18e04fa5
Added by Giacomo Sanchietti over 6 years ago

firewall: block HTTP/S ports only if squid is enabled. Refs #3050

Revision efaf1071
Added by Giacomo Sanchietti over 6 years ago

shorewall: add comment to block rule. Refs #3050

History

#1 Updated by Giacomo Sanchietti over 6 years ago

  • Category set to nethserver-squid
  • Status changed from NEW to TRIAGED
  • Target version set to v6.6
  • % Done changed from 0 to 20
  • Affected version set to v6.5

#2 Updated by Giacomo Sanchietti over 6 years ago

Proposed patch:

--- /etc/e-smith/templates/etc/shorewall/rules/90squid    2015-01-20 09:44:48.000000000 +0100
+++ /etc/e-smith/templates-custom/etc/shorewall/rules/90squid    2015-02-19 09:50:51.938075040 +0100
@@ -89,7 +89,7 @@
         }
     }

-    if ($block eq 'enabled') {
+    if ($status eq 'enabled' && $block eq 'enabled') {
         # generate rules for all zones
         foreach my $z (keys %zones) {
             $OUT .= "#\n# Block HTTP/HTTPS from $z to net\n#\n";
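
Review bot: `$status` on the changed `if` line is not assigned anywhere in this hunk; confirm it is read from the squid service status earlier in the template and given a default, so a missing property is treated as disabled without an "uninitialized value" warning. The `+++` path is under templates-custom, so the same change needs to land in the packaged template under /etc/e-smith/templates, and the custom copy should be removed from test systems because it would shadow the packaged file. The "generate rules for all zones" comment could also state that the block now applies only while the proxy is enabled.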

#3 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#4 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#5 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-squid-1.3.1-1.1.g18e04fa.ns6.noarch.rpm
Test case
  • Check the bug is not reproducible

#6 Updated by Filippo Carletti over 6 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

Updated to nethserver-squid-1.3.1-1.2.gc499904.ns6.noarch.
Enabled proxy with block rule, I can't surf the web because of this iptables rule:

reject     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport dports 80,443 /* l2tp */

Disabled the proxy, the rule disappeared and I can surf.

Note: I'd add a comment to the rule to highlight it comes from the proxy.

#7 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Released in nethserver-base:
  • nethserver-squid-1.3.2-1.ns6.noarch.rpm

#8 Updated by Davide Principi over 6 years ago

  • Duplicated by Bug #3085: If ports block is enabled in proxy configuration, when proxy is disabled ports block remains still active added
