Bug #3050
HTTP and HTTPS port blocked even if proxy is disabled
| Status: | CLOSED | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | nethserver-squid | | |
| Target version: | v6.6 | | |
| Security class: | | Resolution: | |
| Affected version: | v6.5 | NEEDINFO: | No |
Description
If web proxy is disabled but the "Block HTTP and HTTPS ports" option is enabled, users can't surf the web.
Steps to reproduce
- Enable the web proxy in manual mode
- Check "Block HTTP and HTTPS ports" option
- Save and check the user can access web pages using the proxy
- Disable the web proxy
- The user can't access web pages with or without a configured proxy
Expected behavior
If the proxy is disabled, HTTP and HTTPS must be open and the user should be able to surf the web.
Associated revisions
firewall: block HTTP/S ports only if squid is enabled. Refs #3050
shorewall: add comment to block rule. Refs #3050
History
#1 Updated by Giacomo Sanchietti over 6 years ago
- Category set to nethserver-squid
- Status changed from NEW to TRIAGED
- Target version set to v6.6
- % Done changed from 0 to 20
- Affected version set to v6.5
#2 Updated by Giacomo Sanchietti over 6 years ago
Proposed patch:
--- /etc/e-smith/templates/etc/shorewall/rules/90squid 2015-01-20 09:44:48.000000000 +0100 +++ /etc/e-smith/templates-custom/etc/shorewall/rules/90squid 2015-02-19 09:50:51.938075040 +0100 @@ -89,7 +89,7 @@ } } - if ($block eq 'enabled') { + if ($status eq 'enabled' && $block eq 'enabled') { # generate rules for all zones foreach my $z (keys %zones) { $OUT .= "#\n# Block HTTP/HTTPS from $z to net\n#\n";
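Review bot: in the changed condition `if ($status eq 'enabled' && $block eq 'enabled')`, `$status` is not assigned anywhere in the visible context, so the hunk relies on it being set earlier in the template. If it is undefined or holds an unexpected value, the comparison is false and the HTTP/HTTPS block rules are dropped without any trace in the generated file, leaving direct access to ports 80 and 443 open. Confirm where `$status` is read, give it an explicit default, and consider a short comment above the `if` stating that the block applies only while the proxy is enabled.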
#3 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#4 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_DEV to MODIFIED
- % Done changed from 30 to 60
#5 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (Giacomo Sanchietti)
- % Done changed from 60 to 70
Package in nethserver-testing:
- nethserver-squid-1.3.1-1.1.g18e04fa.ns6.noarch.rpm
- Check the bug is not reproducible
#6 Updated by Filippo Carletti over 6 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
Updated to nethserver-squid-1.3.1-1.2.gc499904.ns6.noarch.
Enabled proxy with block rule, I can't surf the web because of this iptables rule:
reject tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443 /* l2tp */
Disabled the proxy, the rule disappeared and I can surf.
Note: I'd add a comment to the rule to highlight that it comes from the proxy.
#7 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
Released in nethserver-base:
- nethserver-squid-1.3.2-1.ns6.noarch.rpm
#8 Updated by Davide Principi over 6 years ago
- Duplicated by Bug #3085: If ports block is enabled in proxy configuration, when proxy is disabled ports block remains still active added